PT-2006-6722 · Mozilla+3 · Firefox+3

Published: 2006-11-24 · Updated: 2024-12-12

CVE-2006-6077

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions 2.0 and 1.5.0.8 and earlier
Netscape versions 8.1.2 and possibly other versions

Description

The issue concerns the password management functionality in the affected browsers. The password manager does not properly verify that the ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password. This allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.

Recommendations

Update Mozilla Firefox (versions 2.0 and 1.5.0.8 and earlier) and Netscape (versions 8.1.2 and possibly other versions) to a version that properly verifies the ACTION URL in a FORM element containing a password INPUT element. As a temporary workaround, consider disabling the password management functionality until a patch is available.
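
The check the description says was missing, sketched as an added example (not code from Mozilla, Netscape or this advisory): before filling a saved password, compare both the page origin and the resolved ACTION origin with what was recorded when the password was saved. The `savedLogin` shape, the function names and the sample forms are assumptions constructed for illustration.

```javascript
// Added illustration; the savedLogin shape and all names are assumptions.

// Resolve a possibly relative URL and return its origin, or null when it
// is unparsable or not http(s) (e.g. javascript: or data: actions).
function originOf(urlString, base) {
  try {
    const u = new URL(urlString, base);
    return (u.protocol === "http:" || u.protocol === "https:") ? u.origin : null;
  } catch {
    return null;
  }
}

// Decide whether a saved credential may be filled into a form.
// form = { pageUrl, action } where action is the raw ACTION attribute.
function mayAutofill(storedLogin, form) {
  const pageOrigin = originOf(form.pageUrl);
  // A missing or empty ACTION submits back to the page's own URL.
  const actionOrigin = originOf(form.action || form.pageUrl, form.pageUrl);
  if (pageOrigin === null || actionOrigin === null) return false;
  // Matching the page origin alone is not enough: the ACTION must match too.
  if (pageOrigin !== storedLogin.origin) return false;
  return actionOrigin === storedLogin.submitOrigin;
}

// Constructed sample data (reserved .test / .invalid names).
const savedLogin = { origin: "https://example.test", submitOrigin: "https://example.test" };
const sampleForms = [
  { name: "site login form", pageUrl: "https://example.test/login", action: "/session" },
  { name: "empty action", pageUrl: "https://example.test/login", action: "" },
  { name: "user page, foreign action", pageUrl: "https://example.test/~user/page.html",
    action: "https://collector.invalid/save" },
  { name: "same host, other port", pageUrl: "https://example.test/login",
    action: "https://example.test:8443/session" },
  { name: "non-http action", pageUrl: "https://example.test/login", action: "javascript:void(0)" },
];

// Return one fill/block decision per form.
function auditForms(login, forms) {
  return forms.map((f) => ({ name: f.name, fill: mayAutofill(login, f) }));
}

for (const r of auditForms(savedLogin, sampleForms)) {
  console.log(`${r.fill ? "fill " : "block"}  ${r.name}`);
}
```
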

Exploit

Fix


Related identifiers

CVE-2006-6077
DSA-1336-1
HPSBUX02153
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
RHSA-2007:0077
RHSA-2007:0078
RHSA-2007:0079
RHSA-2007:0097
RHSA-2007:0108
RHSA-2007_0077
RHSA-2007_0078
RHSA-2007_0079
RHSA-2007_0097
RHSA-2007_0108

Affected products

HP-UX
Firefox
Netscape
Red Hat