The MITRE CVE dictionary describes this issue as:
The (1) Password Manager in Mozilla Firefox 2.0, and 220.127.116.11 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.
Red Hat security errata
|Red Hat Enterprise Linux Desktop version 5 (thunderbird)||RHSA-2007:0108||March 14, 2007|
|Red Hat Enterprise Linux version 2.1 (seamonkey)||RHSA-2007:0077||February 24, 2007|
|Red Hat Enterprise Linux version 3 (seamonkey)||RHSA-2007:0077||February 24, 2007|
|Red Hat Enterprise Linux version 4||RHSA-2007:0077||February 24, 2007|
|Red Hat Enterprise Linux version 4 (firefox)||RHSA-2007:0079||February 23, 2007|
|Red Hat Enterprise Linux version 4 (thunderbird)||RHSA-2007:0078||March 02, 2007|
|Red Hat Enterprise Linux version 5 (firefox)||RHSA-2007:0097||March 14, 2007|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.