Firefox vulnerable to password-stealing attack
Published 14:52:42 23.11.2006
A flaw in Mozilla Corp.'s Firefox browser makes it easy for cybercriminals to steal user information on Web sites where users create their own pages, such as MySpace.com.
The flaw lies in Firefox's Password Manager software, which can be tricked into sending password information to an attacker's Web site, said Robert Chapin, president of Chapin Information Services Inc. For this attack to work, attackers need to be able to create HTML (Hypertext Markup Language) forms on the Web site, something that is allowed on blogging and social networking sites.
The attack was used in a MySpace phishing attack reported in late October. In that attack, users registered a MySpace account named login_home_index_html and used it to host a fake log-in page that exploited the flaw.
More info can be found at :
http://www.infoworld.com/article/06/11/ ... ing_1.html
Sexxiicoolguy (Scape Mod)
Thanks buddy, I had it installed and just removed it, I was a bit suspicious until I saw this posting.