Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2006-6077

Published: Nov 24, 2006 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2006-6077
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla * 1.5.0.8 (including)
Firefox Mozilla 1.5 (including) 1.5 (including)
Firefox Mozilla 1.5-beta1 (including) 1.5-beta1 (including)
Firefox Mozilla 1.5-beta2 (including) 1.5-beta2 (including)
Firefox Mozilla 1.5.0.1 (including) 1.5.0.1 (including)
Firefox Mozilla 1.5.0.2 (including) 1.5.0.2 (including)
Firefox Mozilla 1.5.0.3 (including) 1.5.0.3 (including)
Firefox Mozilla 1.5.0.4 (including) 1.5.0.4 (including)
Firefox Mozilla 1.5.0.5 (including) 1.5.0.5 (including)
Firefox Mozilla 1.5.0.6 (including) 1.5.0.6 (including)
Firefox Mozilla 1.5.0.7 (including) 1.5.0.7 (including)
Firefox Mozilla 2.0 (including) 2.0 (including)
Navigator Netscape 8.1.2 (including) 8.1.2 (including)
Red Hat Enterprise Linux 2.1 RedHat seamonkey-0:1.0.8-0.2.el2 *
Red Hat Enterprise Linux 3 RedHat seamonkey-0:1.0.8-0.2.el3 *
Red Hat Enterprise Linux 4 RedHat devhelp-0:0.10-0.7.el4 *
Red Hat Enterprise Linux 4 RedHat seamonkey-0:1.0.8-0.2.el4 *
Red Hat Enterprise Linux 4 RedHat thunderbird-0:1.5.0.10-0.1.el4 *
Red Hat Enterprise Linux 4 RedHat firefox-0:1.5.0.10-0.1.el4 *
Red Hat Enterprise Linux 5 RedHat devhelp-0:0.12-10.0.1.el5 *
Red Hat Enterprise Linux 5 RedHat firefox-0:1.5.0.10-2.el5 *
Red Hat Enterprise Linux 5 RedHat yelp-0:2.16.0-14.0.1.el5 *
Red Hat Enterprise Linux 5 RedHat thunderbird-0:1.5.0.10-1.el5 *
Firefox Ubuntu dapper *
Firefox Ubuntu edgy *
Firefox Ubuntu feisty *
Iceape Ubuntu gutsy *
Lightning-sunbird Ubuntu devel *
Lightning-sunbird Ubuntu gutsy *
Midbrowser Ubuntu devel *
Midbrowser Ubuntu gutsy *
Xulrunner Ubuntu devel *
Xulrunner Ubuntu edgy *
Xulrunner Ubuntu feisty *
Xulrunner Ubuntu gutsy *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use