topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Saturday December 14, 2024, 11:05 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Firefox form filler vulnerability - definitely watch out for this one  (Read 6520 times)

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,914
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Yikes!

We reported back in October that a phishing attack had hit MySpace, creating fake login forms that looked like the real thing. These appeared on 3000 profile pages, according to Mashable Labs. They worked by using MySpace’s popular html editing features (an essential part of the MySpace layouts craze) to display a login form - once you’d entered your login details, the creators could hijack your profile page, creating another fake login form and sending out spam bulletins. What’s more, we noted briefly that Firefox identified these as real MySpace login pages, and automatically filled in your details.

Now CNET and others are picking up on the story, pointing out that this is a major flaw with the Firefox Password Manager. The flaw affects both Mozilla Firefox and Internet Explorer 7, but it’s being said that Firefox is more vulnerable. Firefox sees “http://www.myspace.com” in the address bar and assumes that the form is a genuine MySpace login page - it doesn’t check, however, where the login details are sent to once you submit them. But what’s even more worrying is that this can be done without a visible login form: a site can hide the login form from view, and have the details automatically submitted when you click a link. Mozilla are working on a fix, but for now the solution is not to use the Password Manager to remember your passwords.

« Last Edit: November 23, 2006, 08:44 PM by mouser »

longrun

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 155
    • View Profile
    • Donate to Member
Re: Firefox form filler vulnerability - definitely watch out for this one
« Reply #1 on: December 09, 2006, 10:15 PM »
Yet another reason to use Opera.