Multiple Web Browser Password Manager Feature Credentials Disclosure Vulnerability

VUPEN ID : VUPEN/ADV-2006-4662
CVE ID : CVE-2006-6077 - CVE-2006-6238
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-11-22

A vulnerability has been identified in various web browsers, which could be exploited by remote attackers to gain knowledge of sensitive information. This issue is due to an error in the password management feature, which does not validate URLs before automatically filling in forms with saved usernames and passwords. Remote attackers could exploit this to trick users into sending their credentials for certain web sites to a malicious page on the same domain, by convincing them to visit a specially crafted Web page and perform certain actions that cause saved usernames and passwords to be inadvertently submitted.
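
One way a password manager could perform the URL validation described above, as an added example that is not part of the advisory or any vendor's code. The record fields `pageUrl` and `submitUrl`, the function names and the exact-match policy are assumptions, and the sample URLs are constructed.

```javascript
// Added example: URL checks a password manager could apply before autofill.
// Field names (pageUrl, submitUrl) and the matching policy are assumptions.

// Parse a URL (optionally relative to a base); return null if it cannot be parsed.
function normalize(urlString, base) {
  try {
    const u = new URL(urlString, base);
    return { origin: u.origin, path: u.pathname, protocol: u.protocol };
  } catch {
    return null;
  }
}

// Decide whether a saved login may be filled into a form on the current page.
// saved: { pageUrl, submitUrl } recorded when the user stored the login.
function autofillDecision(saved, currentPageUrl, formActionAttr) {
  const page = normalize(currentPageUrl);
  const savedPage = normalize(saved.pageUrl);
  const savedSubmit = normalize(saved.submitUrl);
  if (!page || !savedPage || !savedSubmit) {
    return { fill: false, reason: "unparsable-url" };
  }
  // An empty action attribute submits the form back to the page itself.
  const action = normalize(formActionAttr || currentPageUrl, currentPageUrl);
  if (!action || !["http:", "https:"].includes(action.protocol)) {
    return { fill: false, reason: "invalid-action" };
  }
  // Scheme, host and port must all match the page the login was saved on.
  if (page.origin !== savedPage.origin) {
    return { fill: false, reason: "origin-mismatch" };
  }
  // Same domain is not enough: the page itself must be the saved one.
  if (page.path !== savedPage.path) {
    return { fill: false, reason: "page-mismatch" };
  }
  // The form must submit to the same target recorded with the login.
  if (action.origin !== savedSubmit.origin || action.path !== savedSubmit.path) {
    return { fill: false, reason: "action-mismatch" };
  }
  return { fill: true, reason: "match" };
}

// Constructed sample record for a hypothetical site.
const savedLogin = {
  pageUrl: "https://forum.example/login",
  submitUrl: "https://forum.example/session",
};
console.log(autofillDecision(savedLogin, "https://forum.example/login", "/session"));
console.log(autofillDecision(savedLogin, "https://forum.example/users/guest/profile", "/session"));
```
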
Affected Products
Mozilla Firefox versions 2.x
Mozilla Firefox versions 1.x
Netscape versions 8.x
Apple Safari versions 2.x
Solution
VUPEN Security is not aware of any vendor-supplied patch.
References
http://www.vupen.com/english/advisories/2006/4662
https://bugzilla.mozilla.org/show_bug.cgi?id=360493
Credits
Vulnerability reported by Robert Chapin
ChangeLog
2006-11-22 : Initial release