Unrated severityNVD Advisory· Published Dec 3, 2006· Updated Jun 16, 2026

CVE-2006-6238

Description

The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077.

Affected products

Apple Inc./Safari2 versions
cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*
- (no CPE)range: = 2.0.4

Patches

Vulnerability mechanics

References

tearesolutions.com/2006/11/how_to_steal_passwords_from_safaris_autofill.htmlnvdExploit
www.securityfocus.com/bid/21329nvdExploit
secunia.com/advisories/23066nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000