Vulnerability Report

CVE-2006-6077

Title: Mozilla Firefox

Other

Proof Of Concept

No public PoC currently indexed for CVE-2006-6077.

CWE Category NVD-CWE-noinfo

Published Date Nov 24, 2006

Modified Date Apr 23, 2026

Exploit Status Not Found

Score 5.0 CVSS v2.0

Exploit Probability (EPSS)

3.06%

Vulnerability Summary

CVE-2006-6077: The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.

Impacted Vendors

netscape 1

mozilla 1

cloudera 1

Reference Links

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2713 http://fedoranews.org/cms/node/2728 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html http://rhn.redhat.com/errata/RHSA-2007-0077.html http://secunia.com/advisories/23046 http://secunia.com/advisories/23108 http://secunia.com/advisories/24205 http://secunia.com/advisories/24238 http://secunia.com/advisories/24287 http://secunia.com/advisories/24290 http://secunia.com/advisories/24293 http://secunia.com/advisories/24320 http://secunia.com/advisories/24328 http://secunia.com/advisories/24333 http://secunia.com/advisories/24342 http://secunia.com/advisories/24343 http://secunia.com/advisories/24384 http://secunia.com/advisories/24393 http://secunia.com/advisories/24395 http://secunia.com/advisories/24437 http://secunia.com/advisories/24457 http://secunia.com/advisories/24650 http://secunia.com/advisories/25588 http://security.gentoo.org/glsa/glsa-200703-04.xml http://securitytracker.com/id?1017271 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 http://www.debian.org/security/2007/dsa-1336 http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml http://www.info-svc.com/news/11-21-2006/ http://www.info-svc.com/news/11-21-2006/rcsr1/ http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 http://www.mozilla.org/security/announce/2007/mfsa2007-02.html http://www.novell.com/linux/security/advisories/2007_22_mozilla.html http://www.redhat.com/support/errata/RHSA-2007-0078.html http://www.redhat.com/support/errata/RHSA-2007-0079.html http://www.redhat.com/support/errata/RHSA-2007-0097.html http://www.redhat.com/support/errata/RHSA-2007-0108.html http://www.securityfocus.com/archive/1/452382/100/0/threaded http://www.securityfocus.com/archive/1/452431/100/0/threaded http://www.securityfocus.com/archive/1/452440/100/0/threaded http://www.securityfocus.com/archive/1/452463/100/0/threaded http://www.securityfocus.com/archive/1/454982/100/0/threaded http://www.securityfocus.com/archive/1/455073/100/0/threaded http://www.securityfocus.com/archive/1/455148/100/0/threaded http://www.securityfocus.com/archive/1/461336/100/0/threaded http://www.securityfocus.com/archive/1/461809/100/0/threaded http://www.securityfocus.com/bid/21240 http://www.securityfocus.com/bid/22694 http://www.ubuntu.com/usn/usn-428-1 http://www.vupen.com/english/advisories/2006/4662 http://www.vupen.com/english/advisories/2007/0718 https://bugzilla.mozilla.org/show_bug.cgi?id=360493 https://exchange.xforce.ibmcloud.com/vulnerabilities/30470 https://issues.rpath.com/browse/RPL-1081 https://issues.rpath.com/browse/RPL-1103 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031 ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2713 http://fedoranews.org/cms/node/2728 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html http://rhn.redhat.com/errata/RHSA-2007-0077.html http://secunia.com/advisories/23046 http://secunia.com/advisories/23108 http://secunia.com/advisories/24205 http://secunia.com/advisories/24238 http://secunia.com/advisories/24287 http://secunia.com/advisories/24290 http://secunia.com/advisories/24293 http://secunia.com/advisories/24320 http://secunia.com/advisories/24328 http://secunia.com/advisories/24333 http://secunia.com/advisories/24342 http://secunia.com/advisories/24343 http://secunia.com/advisories/24384 http://secunia.com/advisories/24393 http://secunia.com/advisories/24395 http://secunia.com/advisories/24437 http://secunia.com/advisories/24457 http://secunia.com/advisories/24650 http://secunia.com/advisories/25588 http://security.gentoo.org/glsa/glsa-200703-04.xml http://securitytracker.com/id?1017271 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 http://www.debian.org/security/2007/dsa-1336 http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml http://www.info-svc.com/news/11-21-2006/ http://www.info-svc.com/news/11-21-2006/rcsr1/ http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 http://www.mozilla.org/security/announce/2007/mfsa2007-02.html http://www.novell.com/linux/security/advisories/2007_22_mozilla.html http://www.redhat.com/support/errata/RHSA-2007-0078.html http://www.redhat.com/support/errata/RHSA-2007-0079.html http://www.redhat.com/support/errata/RHSA-2007-0097.html http://www.redhat.com/support/errata/RHSA-2007-0108.html http://www.securityfocus.com/archive/1/452382/100/0/threaded http://www.securityfocus.com/archive/1/452431/100/0/threaded http://www.securityfocus.com/archive/1/452440/100/0/threaded http://www.securityfocus.com/archive/1/452463/100/0/threaded http://www.securityfocus.com/archive/1/454982/100/0/threaded http://www.securityfocus.com/archive/1/455073/100/0/threaded http://www.securityfocus.com/archive/1/455148/100/0/threaded http://www.securityfocus.com/archive/1/461336/100/0/threaded http://www.securityfocus.com/archive/1/461809/100/0/threaded http://www.securityfocus.com/bid/21240 http://www.securityfocus.com/bid/22694 http://www.ubuntu.com/usn/usn-428-1 http://www.vupen.com/english/advisories/2006/4662 http://www.vupen.com/english/advisories/2007/0718 https://bugzilla.mozilla.org/show_bug.cgi?id=360493 https://exchange.xforce.ibmcloud.com/vulnerabilities/30470 https://issues.rpath.com/browse/RPL-1081 https://issues.rpath.com/browse/RPL-1103 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031

CVSS v2.0

Source Entity [email protected]

Severity MEDIUM

5.0

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:N/C:P/I:N/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2006-6077 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 23, 2026 MODIFIED

Vulnerability data updated via NVD.

April 09, 2025 MODIFIED

Vulnerability data or affected products updated.

November 24, 2006 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected Stack

No specific products linked.