{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-22T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2007:0078", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.info-svc.com/news/11-21-2006/rcsr1/"}, {"name": "oval:org.mitre.oval:def:10031", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031"}, {"name": "24395", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24395"}, {"name": "20070226 rPSA-2007-0040-1 firefox", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"}, {"name": "24328", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24328"}, {"name": "RHSA-2007:0108", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"}, {"name": "GLSA-200703-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"}, {"name": "20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/452440/100/0/threaded"}, {"name": "GLSA-200703-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"}, {"name": "23046", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23046"}, {"name": "24384", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24384"}, {"name": "20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/452431/100/0/threaded"}, {"name": "20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/455073/100/0/threaded"}, {"name": "24457", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24457"}, {"name": "firefox-passwordmgr-information-disclosure(30470)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30470"}, {"name": "24343", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24343"}, {"name": "DSA-1336", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1336"}, {"name": "HPSBUX02153", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "1017271", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017271"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"}, {"name": "ADV-2007-0718", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0718"}, {"name": "20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/454982/100/0/threaded"}, {"name": "24650", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24650"}, {"name": "USN-428-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-428-1"}, {"name": "24320", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24320"}, {"name": "25588", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25588"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1103"}, {"name": "SUSE-SA:2007:019", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"}, {"name": "20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/452463/100/0/threaded"}, {"name": "20070303 rPSA-2007-0040-3 firefox thunderbird", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"}, {"name": "SUSE-SA:2007:022", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"}, {"name": "24293", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24293"}, {"name": "24238", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24238"}, {"name": "24393", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24393"}, {"name": "24342", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24342"}, {"name": "24287", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24287"}, {"name": "20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/452382/100/0/threaded"}, {"name": "20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/455148/100/0/threaded"}, {"name": "23108", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23108"}, {"name": "21240", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21240"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493"}, {"name": "22694", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22694"}, {"name": "SSRT061181", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "FEDORA-2007-281", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://fedoranews.org/cms/node/2713"}, {"name": "RHSA-2007:0097", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"}, {"name": "FEDORA-2007-293", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://fedoranews.org/cms/node/2728"}, {"name": "20070301-01-P", "tags": ["vendor-advisory", "x_refsource_SGI"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"}, {"name": "24205", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24205"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1081"}, {"name": "24333", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24333"}, {"name": "ADV-2006-4662", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4662"}, {"name": "MDKSA-2007:050", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"}, {"name": "24290", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24290"}, {"name": "RHSA-2007:0077", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"}, {"name": "20070202-01-P", "tags": ["vendor-advisory", "x_refsource_SGI"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"}, {"name": "SSA:2007-066-05", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131"}, {"name": "RHSA-2007:0079", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.info-svc.com/news/11-21-2006/"}, {"name": "24437", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24437"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6077", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2007:0078", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"}, {"name": "http://www.info-svc.com/news/11-21-2006/rcsr1/", "refsource": "MISC", "url": "http://www.info-svc.com/news/11-21-2006/rcsr1/"}, {"name": "oval:org.mitre.oval:def:10031", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031"}, {"name": "24395", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24395"}, {"name": "20070226 rPSA-2007-0040-1 firefox", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"}, {"name": "24328", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24328"}, {"name": "RHSA-2007:0108", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"}, {"name": "GLSA-200703-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"}, {"name": "20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452440/100/0/threaded"}, {"name": "GLSA-200703-08", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"}, {"name": "23046", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23046"}, {"name": "24384", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24384"}, {"name": "20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452431/100/0/threaded"}, {"name": "20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/455073/100/0/threaded"}, {"name": "24457", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24457"}, {"name": "firefox-passwordmgr-information-disclosure(30470)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30470"}, {"name": "24343", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24343"}, {"name": "DSA-1336", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1336"}, {"name": "HPSBUX02153", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "1017271", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017271"}, {"name": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"}, {"name": "ADV-2007-0718", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0718"}, {"name": "20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/454982/100/0/threaded"}, {"name": "24650", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24650"}, {"name": "USN-428-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-428-1"}, {"name": "24320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24320"}, {"name": "25588", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25588"}, {"name": "https://issues.rpath.com/browse/RPL-1103", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1103"}, {"name": "SUSE-SA:2007:019", "refsource": "SUSE", "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"}, {"name": "20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452463/100/0/threaded"}, {"name": "20070303 rPSA-2007-0040-3 firefox thunderbird", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"}, {"name": "SUSE-SA:2007:022", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"}, {"name": "24293", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24293"}, {"name": "24238", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24238"}, {"name": "24393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24393"}, {"name": "24342", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24342"}, {"name": "24287", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24287"}, {"name": "20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452382/100/0/threaded"}, {"name": "20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/455148/100/0/threaded"}, {"name": "23108", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23108"}, {"name": "21240", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21240"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493"}, {"name": "22694", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22694"}, {"name": "SSRT061181", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "FEDORA-2007-281", "refsource": "FEDORA", "url": "http://fedoranews.org/cms/node/2713"}, {"name": "RHSA-2007:0097", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"}, {"name": "FEDORA-2007-293", "refsource": "FEDORA", "url": "http://fedoranews.org/cms/node/2728"}, {"name": "20070301-01-P", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"}, {"name": "24205", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24205"}, {"name": "https://issues.rpath.com/browse/RPL-1081", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1081"}, {"name": "24333", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24333"}, {"name": "ADV-2006-4662", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4662"}, {"name": "MDKSA-2007:050", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"}, {"name": "24290", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24290"}, {"name": "RHSA-2007:0077", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"}, {"name": "20070202-01-P", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"}, {"name": "SSA:2007-066-05", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131"}, {"name": "RHSA-2007:0079", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"}, {"name": "http://www.info-svc.com/news/11-21-2006/", "refsource": "MISC", "url": "http://www.info-svc.com/news/11-21-2006/"}, {"name": "24437", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24437"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:12:31.622Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2007:0078", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.info-svc.com/news/11-21-2006/rcsr1/"}, {"name": "oval:org.mitre.oval:def:10031", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031"}, {"name": "24395", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24395"}, {"name": "20070226 rPSA-2007-0040-1 firefox", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"}, {"name": "24328", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24328"}, {"name": "RHSA-2007:0108", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"}, {"name": "GLSA-200703-04", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"}, {"name": "20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/452440/100/0/threaded"}, {"name": "GLSA-200703-08", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"}, {"name": "23046", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23046"}, {"name": "24384", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24384"}, {"name": "20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/452431/100/0/threaded"}, {"name": "20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/455073/100/0/threaded"}, {"name": "24457", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24457"}, {"name": "firefox-passwordmgr-information-disclosure(30470)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30470"}, {"name": "24343", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24343"}, {"name": "DSA-1336", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1336"}, {"name": "HPSBUX02153", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "1017271", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017271"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"}, {"name": "ADV-2007-0718", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0718"}, {"name": "20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/454982/100/0/threaded"}, {"name": "24650", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24650"}, {"name": "USN-428-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-428-1"}, {"name": "24320", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24320"}, {"name": "25588", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25588"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-1103"}, {"name": "SUSE-SA:2007:019", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"}, {"name": "20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/452463/100/0/threaded"}, {"name": "20070303 rPSA-2007-0040-3 firefox thunderbird", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"}, {"name": "SUSE-SA:2007:022", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"}, {"name": "24293", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24293"}, {"name": "24238", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24238"}, {"name": "24393", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24393"}, {"name": "24342", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24342"}, {"name": "24287", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24287"}, {"name": "20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/452382/100/0/threaded"}, {"name": "20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/455148/100/0/threaded"}, {"name": "23108", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23108"}, {"name": "21240", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21240"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493"}, {"name": "22694", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22694"}, {"name": "SSRT061181", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "FEDORA-2007-281", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://fedoranews.org/cms/node/2713"}, {"name": "RHSA-2007:0097", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"}, {"name": "FEDORA-2007-293", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://fedoranews.org/cms/node/2728"}, {"name": "20070301-01-P", "tags": ["vendor-advisory", "x_refsource_SGI", "x_transferred"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"}, {"name": "24205", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24205"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-1081"}, {"name": "24333", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24333"}, {"name": "ADV-2006-4662", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4662"}, {"name": "MDKSA-2007:050", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"}, {"name": "24290", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24290"}, {"name": "RHSA-2007:0077", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"}, {"name": "20070202-01-P", "tags": ["vendor-advisory", "x_refsource_SGI", "x_transferred"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"}, {"name": "SSA:2007-066-05", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131"}, {"name": "RHSA-2007:0079", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.info-svc.com/news/11-21-2006/"}, {"name": "24437", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24437"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6077", "datePublished": "2006-11-24T17:00:00", "dateReserved": "2006-11-24T00:00:00", "dateUpdated": "2024-08-07T20:12:31.622Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD89DF1B-8235-41DE-97C5-A3D039B0C3E7", "versionEndIncluding": "1.5.0.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "ABB88E86-6E83-4A59-9266-8B98AA91774D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "66BE50FE-EA21-4633-A181-CD35196DF06E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7D6BF5B1-86D1-47FE-9D9C-735718F94874", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F2F38886-C25A-4C6B-93E7-36461405BA99", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C65D2670-F37F-48CB-804A-D35BB1C27D9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DE8E5194-7B34-4802-BDA6-6A86EB5EDE05", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FABA5F56-99F7-4F8F-9CC1-5B0B2EB72922", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3487FA64-BE04-42CA-861E-3DAC097D7D32", "vulnerable": true}, {"criteria": "cpe:2.3:a:netscape:navigator:8.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "3523E6B8-3498-4D46-9C8B-31D572263388", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password."}, {"lang": "es", "value": "El (1) Password Manager en Mozilla Firefox 2.0, y 1.5.0.8 y anteriores; y el (2) Passcard Manager en Netscape 8.1.2 y posiblemente otras versiones, no verifican correctamente que una ACTION URL en un elemento FORM contiene una contrase\u00f1a (elemento INPUT) que encaja con el sitio web para lo cual el usuario almacena una contrase\u00f1a, lo cual permite a un atacante remoto obtener contrase\u00f1as a trav\u00e9s de la contrase\u00f1a (elemento INPUT) sobre un p\u00e1gina web diferente localizada sobre un sitio web previsto para esta contrase\u00f1a."}], "id": "CVE-2006-6077", "lastModified": "2018-10-17T21:46:26.407", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-24T17:07:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"}, {"source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"}, {"source": "cve@mitre.org", "url": "http://fedoranews.org/cms/node/2713"}, {"source": "cve@mitre.org", "url": "http://fedoranews.org/cms/node/2728"}, {"source": "cve@mitre.org", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"source": "cve@mitre.org", "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://secunia.com/advisories/23046"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23108"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24205"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24238"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24287"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24290"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24293"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24320"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24328"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24333"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24342"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24343"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24384"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24393"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24395"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24437"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24457"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24650"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25588"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1017271"}, {"source": "cve@mitre.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1336"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.info-svc.com/news/11-21-2006/"}, {"source": "cve@mitre.org", "url": "http://www.info-svc.com/news/11-21-2006/rcsr1/"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"}, {"source": "cve@mitre.org", "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452382/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452431/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452440/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452463/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/454982/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/455073/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/455148/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/21240"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22694"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-428-1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4662"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0718"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30470"}, {"source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-1081"}, {"source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-1103"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2007:0077", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "seamonkey-0:1.0.8-0.2.el2", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2007-02-24T00:00:00Z"}, {"advisory": "RHSA-2007:0077", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "seamonkey-0:1.0.8-0.2.el3", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2007-02-24T00:00:00Z"}, {"advisory": "RHSA-2007:0077", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "devhelp-0:0.10-0.7.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-02-24T00:00:00Z"}, {"advisory": "RHSA-2007:0077", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "seamonkey-0:1.0.8-0.2.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-02-24T00:00:00Z"}, {"advisory": "RHSA-2007:0078", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "thunderbird-0:1.5.0.10-0.1.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-03-02T00:00:00Z"}, {"advisory": "RHSA-2007:0079", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "firefox-0:1.5.0.10-0.1.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-02-23T00:00:00Z"}, {"advisory": "RHSA-2007:0097", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "devhelp-0:0.12-10.0.1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-03-14T00:00:00Z"}, {"advisory": "RHSA-2007:0097", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:1.5.0.10-2.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-03-14T00:00:00Z"}, {"advisory": "RHSA-2007:0097", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "yelp-0:2.16.0-14.0.1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-03-14T00:00:00Z"}, {"advisory": "RHSA-2007:0108", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "thunderbird-0:1.5.0.10-1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-03-14T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1618236", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618236"}, "csaw": false, "details": ["The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password."], "name": "CVE-2006-6077", "public_date": "2007-02-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2006-6077\nhttps://nvd.nist.gov/vuln/detail/CVE-2006-6077"], "threat_severity": "Moderate"}