5

CVE-2006-6077

Exploit
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 1.5.0.8
MozillaFirefox Version1.5
MozillaFirefox Version1.5 Updatebeta1
MozillaFirefox Version1.5 Updatebeta2
MozillaFirefox Version1.5.0.1
MozillaFirefox Version1.5.0.2
MozillaFirefox Version1.5.0.3
MozillaFirefox Version1.5.0.4
MozillaFirefox Version1.5.0.5
MozillaFirefox Version1.5.0.6
MozillaFirefox Version1.5.0.7
MozillaFirefox Version2.0
NetscapeNavigator Version8.1.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.51% 0.847
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
http://secunia.com/advisories/23046
Vendor Advisory
Exploit