CVE-2006-6077

Publication date 24 November 2006

Last updated 17 July 2025

Ubuntu priority

Medium

Why this priority?

Description

The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.

Status

Package Ubuntu Release Status
firefox 7.10 gutsy
Not affected
7.04 feisty
Fixed 2.0.0.6+1-0ubuntu1
6.10 edgy
Fixed 2.0.0.6+0dfsg-0ubuntu0.6.10
6.06 LTS dapper
Fixed 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1
iceape 7.10 gutsy
Fixed 1.1.4-1ubuntu2
7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
lightning-sunbird 7.10 gutsy
Fixed 0.5-0ubuntu4
7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
midbrowser 7.10 gutsy
Fixed 0.1.6b-0ubuntu2
7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
xulrunner 7.10 gutsy
Fixed 1.8.0.10-3ubuntu1
7.04 feisty
Fixed 1.8.0.10-3ubuntu1
6.10 edgy Ignored end of life, was needed
6.06 LTS dapper Not in release

References

Related Ubuntu Security Notices (USN)

    • USN-428-1
    • Firefox vulnerabilities
    • 1 March 2007

Other references