{"api_version":"1","generated_at":"2026-04-24T22:08:17+00:00","cve":"CVE-2006-6077","urls":{"html":"https://cve.report/CVE-2006-6077","api":"https://cve.report/api/cve/CVE-2006-6077.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-6077","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-6077"},"summary":{"title":"CVE-2006-6077","description":"The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.","state":"PUBLISHED","assigner":"mitre","published_at":"2006-11-24 17:07:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.redhat.com/support/errata/RHSA-2007-0097.html","name":"http://www.redhat.com/support/errata/RHSA-2007-0097.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/452440/100/0/threaded","name":"http://www.securityfocus.com/archive/1/452440/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.novell.com/linux/security/advisories/2007_22_mozilla.html","name":"http://www.novell.com/linux/security/advisories/2007_22_mozilla.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Security Announcement","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2007-0078.html","name":"http://www.redhat.com/support/errata/RHSA-2007-0078.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mozilla.org/security/announce/2007/mfsa2007-02.html","name":"http://www.mozilla.org/security/announce/2007/mfsa2007-02.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"MFSA 2007-02: Improvements to help protect against Cross-Site Scripting attacks","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/24384","name":"http://secunia.com/advisories/24384","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SUSE update for MozillaFirefox and seamonkey - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html","name":"http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SuSE Security announcements: [suse-security-announce] SUSE Security Announcement: MozillaFirefox (SUSE-SA:2007:019)","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/461809/100/0/threaded","name":"http://www.securityfocus.com/archive/1/461809/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131","name":"http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"The Slackware Linux Project: Slackware Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/461336/100/0/threaded","name":"http://www.securityfocus.com/archive/1/461336/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://fedoranews.org/cms/node/2713","name":"http://fedoranews.org/cms/node/2713","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora Core 5 Update: firefox-1.5.0.10-1.fc5 | FedoraNEWS.ORG","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-200703-04.xml","name":"http://security.gentoo.org/glsa/glsa-200703-04.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo Linux Documentation\n--\n  Mozilla Firefox: Multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/24293","name":"http://secunia.com/advisories/24293","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"rPath update for firefox and thunderbird - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2007/dsa-1336","name":"http://www.debian.org/security/2007/dsa-1336","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-1336-1 mozilla-firefox","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=360493","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=360493","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"360493 – Cross-Site Forms + Password Manager = Security Failure","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/24328","name":"http://secunia.com/advisories/24328","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Fedora update for firefox - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/4662","name":"http://www.vupen.com/english/advisories/2006/4662","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/24343","name":"http://secunia.com/advisories/24343","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Mandriva update for firefox - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.info-svc.com/news/11-21-2006/","name":"http://www.info-svc.com/news/11-21-2006/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Chapin Information Services","mime":"text/xml","httpstatus":"404","archivestatus":"200"},{"url":"ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc","name":"ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://secunia.com/advisories/24205","name":"http://secunia.com/advisories/24205","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Mozilla Firefox Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml","name":"http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo Linux Documentation\n--\n  SeaMonkey: Multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/0718","name":"http://www.vupen.com/english/advisories/2007/0718","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/24238","name":"http://secunia.com/advisories/24238","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Mozilla SeaMonkey Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1017271","name":"http://securitytracker.com/id?1017271","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"SecurityTracker.com Archives - Mozilla Firefox Password Manager Can Disclose Passwords and Other Form Values to Remote Websites","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://issues.rpath.com/browse/RPL-1103","name":"https://issues.rpath.com/browse/RPL-1103","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[#RPL-1103] thunderbird security update - 1.5.0.10 - rPath Issue Tracking System","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:050","name":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:050","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Advisories | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/23108","name":"http://secunia.com/advisories/23108","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Netscape Passcard Manager Information Disclosure - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/24290","name":"http://secunia.com/advisories/24290","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Red Hat update for firefox - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/455148/100/0/threaded","name":"http://www.securityfocus.com/archive/1/455148/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/24320","name":"http://secunia.com/advisories/24320","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Fedora update for firefox - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/24650","name":"http://secunia.com/advisories/24650","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SGI Advanced Linux Environment Multiple Updates - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/24395","name":"http://secunia.com/advisories/24395","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Red Hat update for thunderbird - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/22694","name":"http://www.securityfocus.com/bid/22694","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Mozilla Thunderbird/SeaMonkey/Firefox Multiple Remote Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://issues.rpath.com/browse/RPL-1081","name":"https://issues.rpath.com/browse/RPL-1081","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://secunia.com/advisories/23046","name":"http://secunia.com/advisories/23046","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"],"title":"Firefox Password Manager Information Disclosure - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/454982/100/0/threaded","name":"http://www.securityfocus.com/archive/1/454982/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742","name":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"HPSBUX02153 SSRT061181 rev.7 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) - c00771742 - \n\t\tHP Business Support Center","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/25588","name":"http://secunia.com/advisories/25588","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian update for mozilla-firefox - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/455073/100/0/threaded","name":"http://www.securityfocus.com/archive/1/455073/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/21240","name":"http://www.securityfocus.com/bid/21240","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Mozilla Firefox 2 Password Manager Cross-Site Information Disclosure Weakness","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2007-0079.html","name":"http://www.redhat.com/support/errata/RHSA-2007-0079.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/452382/100/0/threaded","name":"http://www.securityfocus.com/archive/1/452382/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/24342","name":"http://secunia.com/advisories/24342","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SGI update for seamonkey - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc","name":"ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://www.info-svc.com/news/11-21-2006/rcsr1/","name":"http://www.info-svc.com/news/11-21-2006/rcsr1/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Chapin Information Services","mime":"text/xml","httpstatus":"404","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2007-0108.html","name":"http://www.redhat.com/support/errata/RHSA-2007-0108.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/usn-428-1","name":"http://www.ubuntu.com/usn/usn-428-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"USN-428-1: Firefox vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/24393","name":"http://secunia.com/advisories/24393","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo update for mozilla-firefox and mozilla-firefox-bin - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/30470","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/30470","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/24437","name":"http://secunia.com/advisories/24437","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo update for seamonkey - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2007-0077.html","name":"http://rhn.redhat.com/errata/RHSA-2007-0077.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/452431/100/0/threaded","name":"http://www.securityfocus.com/archive/1/452431/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/24457","name":"http://secunia.com/advisories/24457","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Slackware update for seamonkey - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://fedoranews.org/cms/node/2728","name":"http://fedoranews.org/cms/node/2728","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora Core 6 Update: firefox-1.5.0.10-1.fc6 | FedoraNEWS.ORG","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/24333","name":"http://secunia.com/advisories/24333","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Ubuntu update for firefox - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/452463/100/0/threaded","name":"http://www.securityfocus.com/archive/1/452463/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/24287","name":"http://secunia.com/advisories/24287","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Red Hat update for seamonkey - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-6077","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-6077","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"6077","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6077","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5","cpe7":"beta1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6077","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5","cpe7":"beta2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6077","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6077","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6077","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6077","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6077","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5.0.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6077","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5.0.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6077","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5.0.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6077","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6077","vulnerable":"1","versionEndIncluding":"1.5.0.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6077","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netscape","cpe5":"navigator","cpe6":"8.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T20:12:31.622Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"RHSA-2007:0078","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2007-0078.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.info-svc.com/news/11-21-2006/rcsr1/"},{"name":"oval:org.mitre.oval:def:10031","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031"},{"name":"24395","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24395"},{"name":"20070226 rPSA-2007-0040-1 firefox","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/461336/100/0/threaded"},{"name":"24328","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24328"},{"name":"RHSA-2007:0108","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2007-0108.html"},{"name":"GLSA-200703-04","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://security.gentoo.org/glsa/glsa-200703-04.xml"},{"name":"20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/452440/100/0/threaded"},{"name":"GLSA-200703-08","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"},{"name":"23046","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/23046"},{"name":"24384","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24384"},{"name":"20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/452431/100/0/threaded"},{"name":"20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/455073/100/0/threaded"},{"name":"24457","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24457"},{"name":"firefox-passwordmgr-information-disclosure(30470)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/30470"},{"name":"24343","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24343"},{"name":"DSA-1336","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2007/dsa-1336"},{"name":"HPSBUX02153","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"},{"name":"1017271","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1017271"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"},{"name":"ADV-2007-0718","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/0718"},{"name":"20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/454982/100/0/threaded"},{"name":"24650","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24650"},{"name":"USN-428-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/usn-428-1"},{"name":"24320","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24320"},{"name":"25588","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/25588"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://issues.rpath.com/browse/RPL-1103"},{"name":"SUSE-SA:2007:019","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"},{"name":"20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/452463/100/0/threaded"},{"name":"20070303 rPSA-2007-0040-3 firefox thunderbird","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/461809/100/0/threaded"},{"name":"SUSE-SA:2007:022","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"},{"name":"24293","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24293"},{"name":"24238","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24238"},{"name":"24393","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24393"},{"name":"24342","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24342"},{"name":"24287","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24287"},{"name":"20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/452382/100/0/threaded"},{"name":"20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/455148/100/0/threaded"},{"name":"23108","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/23108"},{"name":"21240","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/21240"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=360493"},{"name":"22694","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/22694"},{"name":"SSRT061181","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"},{"name":"FEDORA-2007-281","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"http://fedoranews.org/cms/node/2713"},{"name":"RHSA-2007:0097","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2007-0097.html"},{"name":"FEDORA-2007-293","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"http://fedoranews.org/cms/node/2728"},{"name":"20070301-01-P","tags":["vendor-advisory","x_refsource_SGI","x_transferred"],"url":"ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"},{"name":"24205","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24205"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://issues.rpath.com/browse/RPL-1081"},{"name":"24333","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24333"},{"name":"ADV-2006-4662","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2006/4662"},{"name":"MDKSA-2007:050","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"},{"name":"24290","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24290"},{"name":"RHSA-2007:0077","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2007-0077.html"},{"name":"20070202-01-P","tags":["vendor-advisory","x_refsource_SGI","x_transferred"],"url":"ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"},{"name":"SSA:2007-066-05","tags":["vendor-advisory","x_refsource_SLACKWARE","x_transferred"],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131"},{"name":"RHSA-2007:0079","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2007-0079.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.info-svc.com/news/11-21-2006/"},{"name":"24437","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24437"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2006-11-22T00:00:00.000Z","descriptions":[{"lang":"en","value":"The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-17T20:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"RHSA-2007:0078","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2007-0078.html"},{"tags":["x_refsource_MISC"],"url":"http://www.info-svc.com/news/11-21-2006/rcsr1/"},{"name":"oval:org.mitre.oval:def:10031","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031"},{"name":"24395","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24395"},{"name":"20070226 rPSA-2007-0040-1 firefox","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/461336/100/0/threaded"},{"name":"24328","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24328"},{"name":"RHSA-2007:0108","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2007-0108.html"},{"name":"GLSA-200703-04","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://security.gentoo.org/glsa/glsa-200703-04.xml"},{"name":"20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/452440/100/0/threaded"},{"name":"GLSA-200703-08","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"},{"name":"23046","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/23046"},{"name":"24384","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24384"},{"name":"20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/452431/100/0/threaded"},{"name":"20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/455073/100/0/threaded"},{"name":"24457","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24457"},{"name":"firefox-passwordmgr-information-disclosure(30470)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/30470"},{"name":"24343","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24343"},{"name":"DSA-1336","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2007/dsa-1336"},{"name":"HPSBUX02153","tags":["vendor-advisory","x_refsource_HP"],"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"},{"name":"1017271","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1017271"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"},{"name":"ADV-2007-0718","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/0718"},{"name":"20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/454982/100/0/threaded"},{"name":"24650","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24650"},{"name":"USN-428-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/usn-428-1"},{"name":"24320","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24320"},{"name":"25588","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/25588"},{"tags":["x_refsource_CONFIRM"],"url":"https://issues.rpath.com/browse/RPL-1103"},{"name":"SUSE-SA:2007:019","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"},{"name":"20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/452463/100/0/threaded"},{"name":"20070303 rPSA-2007-0040-3 firefox thunderbird","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/461809/100/0/threaded"},{"name":"SUSE-SA:2007:022","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"},{"name":"24293","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24293"},{"name":"24238","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24238"},{"name":"24393","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24393"},{"name":"24342","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24342"},{"name":"24287","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24287"},{"name":"20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/452382/100/0/threaded"},{"name":"20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/455148/100/0/threaded"},{"name":"23108","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/23108"},{"name":"21240","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/21240"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=360493"},{"name":"22694","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/22694"},{"name":"SSRT061181","tags":["vendor-advisory","x_refsource_HP"],"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"},{"name":"FEDORA-2007-281","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"http://fedoranews.org/cms/node/2713"},{"name":"RHSA-2007:0097","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2007-0097.html"},{"name":"FEDORA-2007-293","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"http://fedoranews.org/cms/node/2728"},{"name":"20070301-01-P","tags":["vendor-advisory","x_refsource_SGI"],"url":"ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"},{"name":"24205","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24205"},{"tags":["x_refsource_CONFIRM"],"url":"https://issues.rpath.com/browse/RPL-1081"},{"name":"24333","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24333"},{"name":"ADV-2006-4662","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2006/4662"},{"name":"MDKSA-2007:050","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"},{"name":"24290","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24290"},{"name":"RHSA-2007:0077","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2007-0077.html"},{"name":"20070202-01-P","tags":["vendor-advisory","x_refsource_SGI"],"url":"ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"},{"name":"SSA:2007-066-05","tags":["vendor-advisory","x_refsource_SLACKWARE"],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131"},{"name":"RHSA-2007:0079","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2007-0079.html"},{"tags":["x_refsource_MISC"],"url":"http://www.info-svc.com/news/11-21-2006/"},{"name":"24437","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24437"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-6077","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"RHSA-2007:0078","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2007-0078.html"},{"name":"http://www.info-svc.com/news/11-21-2006/rcsr1/","refsource":"MISC","url":"http://www.info-svc.com/news/11-21-2006/rcsr1/"},{"name":"oval:org.mitre.oval:def:10031","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031"},{"name":"24395","refsource":"SECUNIA","url":"http://secunia.com/advisories/24395"},{"name":"20070226 rPSA-2007-0040-1 firefox","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/461336/100/0/threaded"},{"name":"24328","refsource":"SECUNIA","url":"http://secunia.com/advisories/24328"},{"name":"RHSA-2007:0108","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2007-0108.html"},{"name":"GLSA-200703-04","refsource":"GENTOO","url":"http://security.gentoo.org/glsa/glsa-200703-04.xml"},{"name":"20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/452440/100/0/threaded"},{"name":"GLSA-200703-08","refsource":"GENTOO","url":"http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"},{"name":"23046","refsource":"SECUNIA","url":"http://secunia.com/advisories/23046"},{"name":"24384","refsource":"SECUNIA","url":"http://secunia.com/advisories/24384"},{"name":"20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/452431/100/0/threaded"},{"name":"20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/455073/100/0/threaded"},{"name":"24457","refsource":"SECUNIA","url":"http://secunia.com/advisories/24457"},{"name":"firefox-passwordmgr-information-disclosure(30470)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/30470"},{"name":"24343","refsource":"SECUNIA","url":"http://secunia.com/advisories/24343"},{"name":"DSA-1336","refsource":"DEBIAN","url":"http://www.debian.org/security/2007/dsa-1336"},{"name":"HPSBUX02153","refsource":"HP","url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"},{"name":"1017271","refsource":"SECTRACK","url":"http://securitytracker.com/id?1017271"},{"name":"http://www.mozilla.org/security/announce/2007/mfsa2007-02.html","refsource":"CONFIRM","url":"http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"},{"name":"ADV-2007-0718","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/0718"},{"name":"20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/454982/100/0/threaded"},{"name":"24650","refsource":"SECUNIA","url":"http://secunia.com/advisories/24650"},{"name":"USN-428-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/usn-428-1"},{"name":"24320","refsource":"SECUNIA","url":"http://secunia.com/advisories/24320"},{"name":"25588","refsource":"SECUNIA","url":"http://secunia.com/advisories/25588"},{"name":"https://issues.rpath.com/browse/RPL-1103","refsource":"CONFIRM","url":"https://issues.rpath.com/browse/RPL-1103"},{"name":"SUSE-SA:2007:019","refsource":"SUSE","url":"http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"},{"name":"20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/452463/100/0/threaded"},{"name":"20070303 rPSA-2007-0040-3 firefox thunderbird","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/461809/100/0/threaded"},{"name":"SUSE-SA:2007:022","refsource":"SUSE","url":"http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"},{"name":"24293","refsource":"SECUNIA","url":"http://secunia.com/advisories/24293"},{"name":"24238","refsource":"SECUNIA","url":"http://secunia.com/advisories/24238"},{"name":"24393","refsource":"SECUNIA","url":"http://secunia.com/advisories/24393"},{"name":"24342","refsource":"SECUNIA","url":"http://secunia.com/advisories/24342"},{"name":"24287","refsource":"SECUNIA","url":"http://secunia.com/advisories/24287"},{"name":"20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/452382/100/0/threaded"},{"name":"20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/455148/100/0/threaded"},{"name":"23108","refsource":"SECUNIA","url":"http://secunia.com/advisories/23108"},{"name":"21240","refsource":"BID","url":"http://www.securityfocus.com/bid/21240"},{"name":"https://bugzilla.mozilla.org/show_bug.cgi?id=360493","refsource":"CONFIRM","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=360493"},{"name":"22694","refsource":"BID","url":"http://www.securityfocus.com/bid/22694"},{"name":"SSRT061181","refsource":"HP","url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"},{"name":"FEDORA-2007-281","refsource":"FEDORA","url":"http://fedoranews.org/cms/node/2713"},{"name":"RHSA-2007:0097","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2007-0097.html"},{"name":"FEDORA-2007-293","refsource":"FEDORA","url":"http://fedoranews.org/cms/node/2728"},{"name":"20070301-01-P","refsource":"SGI","url":"ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"},{"name":"24205","refsource":"SECUNIA","url":"http://secunia.com/advisories/24205"},{"name":"https://issues.rpath.com/browse/RPL-1081","refsource":"CONFIRM","url":"https://issues.rpath.com/browse/RPL-1081"},{"name":"24333","refsource":"SECUNIA","url":"http://secunia.com/advisories/24333"},{"name":"ADV-2006-4662","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/4662"},{"name":"MDKSA-2007:050","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"},{"name":"24290","refsource":"SECUNIA","url":"http://secunia.com/advisories/24290"},{"name":"RHSA-2007:0077","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2007-0077.html"},{"name":"20070202-01-P","refsource":"SGI","url":"ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"},{"name":"SSA:2007-066-05","refsource":"SLACKWARE","url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131"},{"name":"RHSA-2007:0079","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2007-0079.html"},{"name":"http://www.info-svc.com/news/11-21-2006/","refsource":"MISC","url":"http://www.info-svc.com/news/11-21-2006/"},{"name":"24437","refsource":"SECUNIA","url":"http://secunia.com/advisories/24437"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2006-6077","datePublished":"2006-11-24T17:00:00.000Z","dateReserved":"2006-11-24T00:00:00.000Z","dateUpdated":"2024-08-07T20:12:31.622Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2006-11-24 17:07:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndIncluding":"1.5.0.8","matchCriteriaId":"FD89DF1B-8235-41DE-97C5-A3D039B0C3E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*","matchCriteriaId":"ABB88E86-6E83-4A59-9266-8B98AA91774D"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*","matchCriteriaId":"E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*","matchCriteriaId":"66BE50FE-EA21-4633-A181-CD35196DF06E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"7D6BF5B1-86D1-47FE-9D9C-735718F94874"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"84D15CE0-69DF-4EFD-801E-96A4D6AABEDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"F2F38886-C25A-4C6B-93E7-36461405BA99"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*","matchCriteriaId":"C65D2670-F37F-48CB-804A-D35BB1C27D9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*","matchCriteriaId":"DE8E5194-7B34-4802-BDA6-6A86EB5EDE05"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*","matchCriteriaId":"FABA5F56-99F7-4F8F-9CC1-5B0B2EB72922"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*","matchCriteriaId":"3487FA64-BE04-42CA-861E-3DAC097D7D32"},{"vulnerable":true,"criteria":"cpe:2.3:a:netscape:navigator:8.1.2:*:*:*:*:*:*:*","matchCriteriaId":"3523E6B8-3498-4D46-9C8B-31D572263388"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"6077","Ordinal":"1","Title":"CVE-2006-6077","CVE":"CVE-2006-6077","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"6077","Ordinal":"1","NoteData":"The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.","Type":"Description","Title":"CVE-2006-6077"},{"CveYear":"2006","CveId":"6077","Ordinal":"2","NoteData":"2006-11-24","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"6077","Ordinal":"3","NoteData":"2018-10-17","Type":"Other","Title":"Modified"}]}}}