The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | 0.8 (including) | 0.8 (including) |
| Firefox | Mozilla | 0.9 (including) | 0.9 (including) |
| Firefox | Mozilla | 0.9-rc (including) | 0.9-rc (including) |
| Firefox | Mozilla | 0.9.1 (including) | 0.9.1 (including) |
| Firefox | Mozilla | 0.9.2 (including) | 0.9.2 (including) |
| Firefox | Mozilla | 0.9.3 (including) | 0.9.3 (including) |
| Firefox | Mozilla | 0.10 (including) | 0.10 (including) |
| Firefox | Mozilla | 0.10.1 (including) | 0.10.1 (including) |
| Firefox | Mozilla | 1.0 (including) | 1.0 (including) |
| Red Hat Enterprise Linux 4 | RedHat | firefox-0:1.0.1-1.4.3 | * |
References
- http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
- http://www.mozilla.org/security/announce/mfsa2005-19.html
- http://www.redhat.com/support/errata/RHSA-2005-176.html
- http://www.securityfocus.com/bid/12659
- https://bugzilla.mozilla.org/show_bug.cgi?id=270697
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100039
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10825
- http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
- http://www.mozilla.org/security/announce/mfsa2005-19.html
- http://www.redhat.com/support/errata/RHSA-2005-176.html
- http://www.securityfocus.com/bid/12659
- https://bugzilla.mozilla.org/show_bug.cgi?id=270697
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100039
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10825