FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-6077

This CVE name corresponds to:

Entered: 2007-02-24
Topic: mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2006-6077
Phase: Assigned (20061124)

Description

The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.

References

Source Reference
BUGTRAQ 20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords
BUGTRAQ 20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords
BUGTRAQ 20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords
BUGTRAQ 20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords
BUGTRAQ 20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip
BUGTRAQ 20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip
BUGTRAQ 20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip
BUGTRAQ 20070226 rPSA-2007-0040-1 firefox
BUGTRAQ 20070303 rPSA-2007-0040-3 firefox thunderbird
MISC http://www.info-svc.com/news/11-21-2006/
MISC http://www.info-svc.com/news/11-21-2006/rcsr1/
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=360493
CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
CONFIRM https://issues.rpath.com/browse/RPL-1081
CONFIRM https://issues.rpath.com/browse/RPL-1103
DEBIAN DSA-1336
FEDORA FEDORA-2007-281
FEDORA FEDORA-2007-293
GENTOO GLSA-200703-04
GENTOO GLSA-200703-08
HP HPSBUX02153
HP SSRT061181
MANDRIVA MDKSA-2007:050
REDHAT RHSA-2007:0079
REDHAT RHSA-2007:0077
REDHAT RHSA-2007:0078
REDHAT RHSA-2007:0097
REDHAT RHSA-2007:0108
SGI 20070301-01-P
SGI 20070202-01-P
SLACKWARE SSA:2007-066-05
SUSE SUSE-SA:2007:019
SUSE SUSE-SA:2007:022
UBUNTU USN-428-1
BID 21240
BID 22694
OVAL oval:org.mitre.oval:def:10031
VUPEN ADV-2006-4662
VUPEN ADV-2007-0718
SECTRACK 1017271
SECUNIA 23046
SECUNIA 23108
SECUNIA 24238
SECUNIA 24287
SECUNIA 24290
SECUNIA 24205
SECUNIA 24328
SECUNIA 24333
SECUNIA 24343
SECUNIA 24320
SECUNIA 24293
SECUNIA 24393
SECUNIA 24395
SECUNIA 24384
SECUNIA 24437
SECUNIA 24650
SECUNIA 24457
SECUNIA 24342
SECUNIA 25588
XF firefox-passwordmgr-information-disclosure(30470)