CVE-2006-6077

 

  • Severity Score (CVSS v2): 5.0
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 5
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2006-11-24 CVE Reserved
  • 2006-11-24 CVE Published
  • 2024-04-18 EPSS Updated
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (61)
URL Tag Source
http://secunia.com/advisories/23108 Third Party Advisory
http://secunia.com/advisories/24205 Third Party Advisory
http://secunia.com/advisories/24238 Third Party Advisory
http://secunia.com/advisories/24287 Third Party Advisory
http://secunia.com/advisories/24290 Third Party Advisory
http://secunia.com/advisories/24293 Third Party Advisory
http://secunia.com/advisories/24320 Third Party Advisory
http://secunia.com/advisories/24328 Third Party Advisory
http://secunia.com/advisories/24333 Third Party Advisory
http://secunia.com/advisories/24342 Third Party Advisory
http://secunia.com/advisories/24343 Third Party Advisory
http://secunia.com/advisories/24384 Third Party Advisory
http://secunia.com/advisories/24393 Third Party Advisory
http://secunia.com/advisories/24395 Third Party Advisory
http://secunia.com/advisories/24437 Third Party Advisory
http://secunia.com/advisories/24457 Third Party Advisory
http://secunia.com/advisories/24650 Third Party Advisory
http://secunia.com/advisories/25588 Third Party Advisory
http://www.info-svc.com/news/11-21-2006/rcsr1 X_refsource_misc
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html X_refsource_confirm
http://www.securityfocus.com/archive/1/452382/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/452431/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/452440/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/452463/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/454982/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/455073/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/455148/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/461336/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/461809/100/0/threaded Mailing List
http://www.securityfocus.com/bid/22694 Vdb Entry
http://www.vupen.com/english/advisories/2006/4662 Vdb Entry
http://www.vupen.com/english/advisories/2007/0718 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/30470 Vdb Entry
https://issues.rpath.com/browse/RPL-1081 X_refsource_confirm
https://issues.rpath.com/browse/RPL-1103 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031 Signature
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Mozilla Firefox <= 1.5.0.8 - Affected
Mozilla Firefox 1.5 - Affected
Mozilla Firefox 1.5 beta1 Affected
Mozilla Firefox 1.5 beta2 Affected
Mozilla Firefox 1.5.0.1 - Affected
Mozilla Firefox 1.5.0.2 - Affected
Mozilla Firefox 1.5.0.3 - Affected
Mozilla Firefox 1.5.0.4 - Affected
Mozilla Firefox 1.5.0.5 - Affected
Mozilla Firefox 1.5.0.6 - Affected
Mozilla Firefox 1.5.0.7 - Affected
Mozilla Firefox 2.0 - Affected
Netscape Navigator 8.1.2 - Affected