CVE-2006-6077

The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://rhn.redhat.com/errata/RHSA-2007-0077.html
http://secunia.com/advisories/23046	Exploit Vendor Advisory
http://secunia.com/advisories/23108
http://secunia.com/advisories/24205
http://secunia.com/advisories/24238
http://secunia.com/advisories/24287
http://secunia.com/advisories/24290
http://secunia.com/advisories/24293
http://secunia.com/advisories/24320
http://secunia.com/advisories/24328
http://secunia.com/advisories/24333
http://secunia.com/advisories/24342
http://secunia.com/advisories/24343
http://secunia.com/advisories/24384
http://secunia.com/advisories/24393
http://secunia.com/advisories/24395
http://secunia.com/advisories/24437
http://secunia.com/advisories/24457
http://secunia.com/advisories/24650
http://secunia.com/advisories/25588
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://securitytracker.com/id?1017271	Exploit
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://www.debian.org/security/2007/dsa-1336
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
http://www.info-svc.com/news/11-21-2006/	Exploit
http://www.info-svc.com/news/11-21-2006/rcsr1/
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.redhat.com/support/errata/RHSA-2007-0078.html
http://www.redhat.com/support/errata/RHSA-2007-0079.html
http://www.redhat.com/support/errata/RHSA-2007-0097.html
http://www.redhat.com/support/errata/RHSA-2007-0108.html
http://www.securityfocus.com/archive/1/452382/100/0/threaded
http://www.securityfocus.com/archive/1/452431/100/0/threaded
http://www.securityfocus.com/archive/1/452440/100/0/threaded
http://www.securityfocus.com/archive/1/452463/100/0/threaded
http://www.securityfocus.com/archive/1/454982/100/0/threaded
http://www.securityfocus.com/archive/1/455073/100/0/threaded
http://www.securityfocus.com/archive/1/455148/100/0/threaded
http://www.securityfocus.com/archive/1/461336/100/0/threaded
http://www.securityfocus.com/archive/1/461809/100/0/threaded
http://www.securityfocus.com/bid/21240	Exploit
http://www.securityfocus.com/bid/22694
http://www.ubuntu.com/usn/usn-428-1
http://www.vupen.com/english/advisories/2006/4662
http://www.vupen.com/english/advisories/2007/0718
https://bugzilla.mozilla.org/show_bug.cgi?id=360493	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/30470
https://issues.rpath.com/browse/RPL-1081
https://issues.rpath.com/browse/RPL-1103
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://rhn.redhat.com/errata/RHSA-2007-0077.html
http://secunia.com/advisories/23046	Exploit Vendor Advisory
http://secunia.com/advisories/23108
http://secunia.com/advisories/24205
http://secunia.com/advisories/24238
http://secunia.com/advisories/24287
http://secunia.com/advisories/24290
http://secunia.com/advisories/24293
http://secunia.com/advisories/24320
http://secunia.com/advisories/24328
http://secunia.com/advisories/24333
http://secunia.com/advisories/24342
http://secunia.com/advisories/24343
http://secunia.com/advisories/24384
http://secunia.com/advisories/24393
http://secunia.com/advisories/24395
http://secunia.com/advisories/24437
http://secunia.com/advisories/24457
http://secunia.com/advisories/24650
http://secunia.com/advisories/25588
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://securitytracker.com/id?1017271	Exploit
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://www.debian.org/security/2007/dsa-1336
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
http://www.info-svc.com/news/11-21-2006/	Exploit
http://www.info-svc.com/news/11-21-2006/rcsr1/
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.redhat.com/support/errata/RHSA-2007-0078.html
http://www.redhat.com/support/errata/RHSA-2007-0079.html
http://www.redhat.com/support/errata/RHSA-2007-0097.html
http://www.redhat.com/support/errata/RHSA-2007-0108.html
http://www.securityfocus.com/archive/1/452382/100/0/threaded
http://www.securityfocus.com/archive/1/452431/100/0/threaded
http://www.securityfocus.com/archive/1/452440/100/0/threaded
http://www.securityfocus.com/archive/1/452463/100/0/threaded
http://www.securityfocus.com/archive/1/454982/100/0/threaded
http://www.securityfocus.com/archive/1/455073/100/0/threaded
http://www.securityfocus.com/archive/1/455148/100/0/threaded
http://www.securityfocus.com/archive/1/461336/100/0/threaded
http://www.securityfocus.com/archive/1/461809/100/0/threaded
http://www.securityfocus.com/bid/21240	Exploit
http://www.securityfocus.com/bid/22694
http://www.ubuntu.com/usn/usn-428-1
http://www.vupen.com/english/advisories/2006/4662
http://www.vupen.com/english/advisories/2007/0718
https://bugzilla.mozilla.org/show_bug.cgi?id=360493	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/30470
https://issues.rpath.com/browse/RPL-1081
https://issues.rpath.com/browse/RPL-1103
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox:1.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
	cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
	cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*
	cpe:2.3:a:mozilla:firefox:2.0:::::::*
	cpe:2.3:a:netscape:navigator:8.1.2:::::::*

History

21 Nov 2024, 00:21

Information

Published : 2006-11-24 17:07

Updated : 2025-04-09 00:30

NVD link : CVE-2006-6077

Mitre link : CVE-2006-6077

CVE.ORG link : CVE-2006-6077

JSON object : View

Products Affected

netscape

navigator

mozilla

firefox

CWE

NVD-CWE-Other

{"id": "CVE-2006-6077", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-11-24T17:07:00.000", "references": [{"url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc", "source": "cve@mitre.org"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc", "source": "cve@mitre.org"}, {"url": "http://fedoranews.org/cms/node/2713", "source": "cve@mitre.org"}, {"url": "http://fedoranews.org/cms/node/2728", "source": "cve@mitre.org"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", "source": "cve@mitre.org"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", "source": "cve@mitre.org"}, {"url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html", "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23046", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23108", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24205", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24238", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24287", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24290", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24293", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24320", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24328", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24333", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24342", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24343", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24384", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24393", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24395", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24437", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24457", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24650", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25588", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200703-04.xml", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017271", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2007/dsa-1336", "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml", "source": "cve@mitre.org"}, {"url": "http://www.info-svc.com/news/11-21-2006/", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.info-svc.com/news/11-21-2006/rcsr1/", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050", "source": "cve@mitre.org"}, {"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html", "source": "cve@mitre.org"}, {"url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/452382/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/452431/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/452440/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/452463/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/454982/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/455073/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/455148/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21240", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22694", "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-428-1", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4662", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0718", "source": "cve@mitre.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30470", "source": "cve@mitre.org"}, {"url": "https://issues.rpath.com/browse/RPL-1081", "source": "cve@mitre.org"}, {"url": "https://issues.rpath.com/browse/RPL-1103", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031", "source": "cve@mitre.org"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://fedoranews.org/cms/node/2713", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://fedoranews.org/cms/node/2728", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/23046", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/23108", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24205", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24238", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24287", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24290", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24293", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24320", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24328", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24333", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24342", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24343", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24384", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24393", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24395", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24437", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24457", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24650", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/25588", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://security.gentoo.org/glsa/glsa-200703-04.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1017271", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2007/dsa-1336", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.info-svc.com/news/11-21-2006/", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.info-svc.com/news/11-21-2006/rcsr1/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/452382/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/452431/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/452440/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/452463/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/454982/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/455073/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/455148/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/21240", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/22694", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/usn-428-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/4662", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/0718", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30470", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://issues.rpath.com/browse/RPL-1081", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://issues.rpath.com/browse/RPL-1103", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password."}, {"lang": "es", "value": "El (1) Password Manager en Mozilla Firefox 2.0, y 1.5.0.8 y anteriores; y el (2) Passcard Manager en Netscape 8.1.2 y posiblemente otras versiones, no verifican correctamente que una ACTION URL en un elemento FORM contiene una contrase\u00f1a (elemento INPUT) que encaja con el sitio web para lo cual el usuario almacena una contrase\u00f1a, lo cual permite a un atacante remoto obtener contrase\u00f1as a trav\u00e9s de la contrase\u00f1a (elemento INPUT) sobre un p\u00e1gina web diferente localizada sobre un sitio web previsto para esta contrase\u00f1a."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD89DF1B-8235-41DE-97C5-A3D039B0C3E7", "versionEndIncluding": "1.5.0.8"}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABB88E86-6E83-4A59-9266-8B98AA91774D"}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7"}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66BE50FE-EA21-4633-A181-CD35196DF06E"}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D6BF5B1-86D1-47FE-9D9C-735718F94874"}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB"}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA"}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2F38886-C25A-4C6B-93E7-36461405BA99"}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C65D2670-F37F-48CB-804A-D35BB1C27D9F"}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE8E5194-7B34-4802-BDA6-6A86EB5EDE05"}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FABA5F56-99F7-4F8F-9CC1-5B0B2EB72922"}, {"criteria": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3487FA64-BE04-42CA-861E-3DAC097D7D32"}, {"criteria": "cpe:2.3:a:netscape:navigator:8.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3523E6B8-3498-4D46-9C8B-31D572263388"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.0 /10