VYPR
Unrated severityNVD Advisory· Published Nov 24, 2006· Updated Jun 16, 2026

CVE-2006-6077

CVE-2006-6077

Description

The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

17
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=1.5.0.8
    • cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
    • (no CPE)range: <=2.0
  • cpe:2.3:a:netscape:navigator:8.1.2:*:*:*:*:*:*:*
  • Range: <=8.1.2
  • osv-coords2 versions
    < 128.5.1-1.1+ 1 more
    • (no CPE)range: < 128.5.1-1.1
    • (no CPE)range: < 92.0-1.2

Patches

Vulnerability mechanics

References

59

News mentions

0

No linked articles in our index yet.