CVE-2006-6077
CVE-2006-6077
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.ascftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.aschttp://fedoranews.org/cms/node/2713http://fedoranews.org/cms/node/2728http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.htmlhttp://rhn.redhat.com/errata/RHSA-2007-0077.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=360493http://secunia.com/advisories/23046http://secunia.com/advisories/23108http://secunia.com/advisories/24205http://secunia.com/advisories/24238