Netscape Passcard Manager Remote Information Disclosure Vulnerability
| Release Date: | 28/11/2006 | Severity: | Less Critical |
| SecWatch Advisory: | SWID1016287 | Cause: | Not specified |
| Solution Status: | Unpatched | Impact: | Disclosure of user information |
| Exploit Status: | None Available | Access Vector: | From remote |
| Affected Software: | Netscape 8.x | | |
| CVE: | CVE-2006-6077 | | |
| Secunia: | SA23108 | | |
Description:
A vulnerability has been reported in Netscape, which can be exploited by remote users to conduct phishing attacks.
The vulnerability is caused by the Passcard Manager not properly checking the URL before filling in saved user credentials. This may be exploited to steal user credentials via malicious forms in the same domain.
Successful exploitation requires that the "Automatically Fill Passcard" or "Automatically Log In" option is set in the preferences.
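The kind of URL check the description refers to, shown as an added example that is not Netscape's code and not part of the original advisory: a host-only match (an assumed model of an insufficient check) beside a stricter match on page origin, page path and form action. The record fields `savedPageUrl` and `savedActionUrl`, the function names and the `community.example` URLs are constructed for illustration.

```javascript
// Added example: autofill decision for a credential manager.
// Field names savedPageUrl / savedActionUrl are hypothetical.

// Insufficient check (assumed model): fill whenever the current page is on
// the same host as the page where the credential was saved.
function hostOnlyMatch(record, pageUrl) {
  return new URL(pageUrl).hostname === new URL(record.savedPageUrl).hostname;
}

// Stricter check: the page must have the same origin (scheme, host, port) and
// path as when the credential was saved, and the form must submit to the same
// origin and path it submitted to at save time.
function strictMatch(record, pageUrl, formAction) {
  let page, action;
  try {
    page = new URL(pageUrl);
    action = new URL(formAction, page); // resolve a relative action against the page
  } catch (e) {
    return false; // unparseable URL: never fill
  }
  const savedPage = new URL(record.savedPageUrl);
  const savedAction = new URL(record.savedActionUrl);
  return page.origin === savedPage.origin &&
         page.pathname === savedPage.pathname &&
         action.origin === savedAction.origin &&
         action.pathname === savedAction.pathname;
}

// Constructed sample record and pages.
const record = {
  savedPageUrl: "https://community.example/login",
  savedActionUrl: "https://community.example/session",
};
const cases = [
  ["https://community.example/login", "/session"],               // page the credential was saved on
  ["https://community.example/users/guest/profile", "/session"], // other page, same host
  ["https://community.example/login", "/guestbook/post"],        // same page, different form action
];

// Returns one row per case with the verdict of each check.
function evaluate() {
  return cases.map(([page, action]) => ({
    page,
    action,
    weak: hostOnlyMatch(record, page),
    strict: strictMatch(record, page, action),
  }));
}

console.table(evaluate());
```

The host-only check approves all three constructed cases, while the strict check approves only the first.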
Affected:
Netscape version 8.1.2. Other versions may also be affected.
Solution:
There was no vendor-supplied solution at the time of entry.
Disable the "Automatically Fill Passcard" or "Automatically Log In" option in the preferences of Passcard Manager and always check the URL before invoking it.
Credits:
Unknown
Related Vulnerabilities and Exploits
03 Apr 07: Netscape Multiple Vulnerabilities
27 Feb 07: Netscape Multiple Vulnerabilities
06 Jun 06: Netscape File Upload Form Keystroke Event Cancel Vulnerability
23 May 06: Netscape Exception Handling Full Path Disclosure Vulnerability
08 May 06: Netscape "View Image" Local Resource Linking Weakness
- 28 May 2008