« Zune wants to share
Court approves broad internet immunity »

Critical Firefox hole allows password theft

A flaw in Mozilla Corp.’s Firefox browser makes it easy for cybercriminals to steal user information on Web sites where users create their own pages, such as MySpace.com.

The flaw lies in Firefox’s Password Manager software, which can be tricked into sending password information to an attacker’s Web site, said Robert Chapin, president of Chapin Information Services Inc. For this attack to work, attackers need to be able to create HTML (Hypertext Markup Language) forms on the Web site, something that is allowed on blogging and social networking sites.

The attack was used in a MySpace phishing attack reported in late October. In that attack, users registered a MySpace account named login_home_index_html and used it to host a fake log-in page that exploited the flaw.

Click here for full article

This entry was posted on Saturday, November 25th, 2006 at 12:06 am and is filed under Firefox. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

This is a captcha-picture. It is used to prevent mass-access by robots. (see: www.captcha.net)

You must read and type the 5 chars within 0..9 and A..F, and submit the form.

  

Oh no, I cannot read this. Please, generate a