HTTP: Mozilla Firefox 2 Password Manager Information Disclosure

This signature detects attempts to exploit a known vulnerability in Mozilla Firefox 2. A successful attack can lead to unauthorized information disclosure.

Extended Description

Mozilla Firefox is reportedly prone to an information-disclosure weakness because it fails to properly notify users when form fields are automatically populated in disparate URLs deriving from the same domain. Exploiting this issue may allow attackers to obtain user credentials that have been saved in forms deriving from the same website where the attack code resides. The most common manifestation of this condition would typically be in blogs or forums. This may allow attackers to access potentially sensitive information that would facilitate the success of phishing attacks. Initial reports and preliminary testing indicate that this issue affects only Firefox 2.

UPDATE: Firefox 2.0.0.10 is still vulnerable to the issue.

UPDATE (March 17, 2008): Unconfirmed reports indicate that this issue affects Firefox 2.0.0.12; we will update this BID as more information emerges.

Affected Products

Mozilla Camino

References

BugTraq: 21240

CVE: CVE-2006-6077

Short Name: HTTP:STC:MOZILLA:FF2-PM-INF-DIS

Severity: Minor

Recommended: False

Recommended Action: Drop

Category: HTTP

Keywords: 2 CVE-2006-6077 Disclosure Firefox Information Manager Mozilla Password bid:21240

Release Date: 12/17/2012

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3339

False Positive: Unknown

Vendors

Red_hat

Suse

Gentoo

Rpath

Mozilla

Turbolinux

Avaya

Netscape

Sgi

Slackware

Ubuntu

Mandriva

Debian

CVSS Score

5.0
