Launchpad.net

CVE 2006-6077

The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.

Related bugs and status

CVE-2006-6077 (Candidate) is related to these bugs:

Bug #77333: Firefox 1.5.0.9 still missing in Dapper

Summary				In	Importance	Status
	77333	Firefox 1.5.0.9 still missing in Dapper		firefox (Ubuntu)	Undecided	Fix Released
	77333	Firefox 1.5.0.9 still missing in Dapper		mozilla-thunderbird (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.info-svc.co...
CONFIRM: https://bugzilla.mozil...
BID: 21240
SECTRACK: 1017271
SECUNIA: 23046
SECUNIA: 23108
MISC: http://www.info-svc.co...
CONFIRM: http://www.mozilla.org...
FEDORA: FEDORA-2007-281
REDHAT: RHSA-2007:0079
REDHAT: RHSA-2007:0077
UBUNTU: USN-428-1
BID: 22694
SECUNIA: 24238
SECUNIA: 24287
SECUNIA: 24290
SECUNIA: 24205
SECUNIA: 24328
CONFIRM: https://issues.rpath.c...
FEDORA: FEDORA-2007-293
GENTOO: GLSA-200703-04
REDHAT: RHSA-2007:0078
SECUNIA: 24333
SECUNIA: 24343
SECUNIA: 24320
SECUNIA: 24293
SECUNIA: 24393
CONFIRM: https://issues.rpath.c...
SUSE: SUSE-SA:2007:019
SECUNIA: 24395
SECUNIA: 24384
GENTOO: GLSA-200703-08
REDHAT: RHSA-2007:0097
REDHAT: RHSA-2007:0108
SECUNIA: 24437
SGI: 20070301-01-P
SECUNIA: 24650
SUSE: SUSE-SA:2007:022
SECUNIA: 24457
SGI: 20070202-01-P
SECUNIA: 24342
DEBIAN: DSA-1336
SECUNIA: 25588
MANDRIVA: MDKSA-2007:050
HP: HPSBUX02153
HP: SSRT061181
VUPEN: ADV-2006-4662
VUPEN: ADV-2007-0718
SLACKWARE: SSA:2007-066-05
XF: firefox-passwordmgr-in...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20061122 Big Flaw in F...
BUGTRAQ: 20061123 Password Flaw...
BUGTRAQ: 20061123 Re: Big Flaw ...
BUGTRAQ: 20061123 Re: Password ...
BUGTRAQ: 20061220 critical Flaw...
BUGTRAQ: 20061221 Re: critical ...
BUGTRAQ: 20061222 Re[2]: critic...
BUGTRAQ: 20070226 rPSA-2007-004...
BUGTRAQ: 20070303 rPSA-2007-004...