Firefox 2 Password Manager Flaw

Author
Aron Schatz
Posted
November 22, 2006
Views
10440

Page All:

Page 1
There is a bug in the saved password manager that Firefox uses. It turns out that Firefox will fill in forms that are hidden from the user. That can be used very easily in a phishing attack.

Quote

RCSR attacks are also actively targeting Microsoft Internet Explorer, however a flaw in Firefox makes the attack much more likely to succeed. The Password Manager component of FireFox can be exploited to send a username and password combination to an attacker's computer without the user's knowledge. Users of both Firefox and Internet Explorer need to be aware that their information can be stolen in this way when visiting blog and forum websites at trusted addresses.

Title

Medium Image View Large