CVE-2006-6077

Priority
Untriaged
Description
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier;
and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions,
do not properly verify that an ACTION URL in a FORM element containing a
password INPUT element matches the web site for which the user stored a
password, which allows remote attackers to obtain passwords via a password
INPUT element on a different web page located on the web site intended for
this password.
References
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):released (0.1.6b-0ubuntu2)
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):released (1.8.0.10-3ubuntu1)
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):released (0.5-0ubuntu4)
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):not-affected
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:17:29 UTC (commit 5347)