> -----Original Message-----
> From: fash1on@xxxxxxxxx [mailto:fash1on@xxxxxxxxx]
> Sent: Wednesday, November 22, 2006 4:58 AM
> Subject: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords
>
>
> "Today, Mozilla made public bug #360493, which exposes
> Firefox's Password Manager on many public sites. The flaw
> derives from Firefox's willingness to supply the username and
> password stored on one page on a domain to another page on a
> domain. For example, username/password input tags on a
> Myspace user's site will be unhelpfully propagated with the
> visitor's Myspace.com credentials. It was first discovered in
> the wild by Netcraft on Oct. 27. As this proof-of-concept
> illustrates, because the username/password fields need not be
> visible on the page, your password can be stolen in an almost
> completely transparent fashion. PoC here:
> http://www.info-svc.com/news/11-21-2006/rcsr1/
> Looks like this also affects FireFox 1.5.08.
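
The domain-only matching described in the quoted report, set beside a stricter autofill decision, as an added example that is not part of the original message and not Mozilla's code. The policy, the function names and every origin and path in it are assumptions constructed for illustration.

```javascript
// Added example: a hypothetical password-manager autofill policy.
// Constructed saved login: where the credential was originally stored.
const SAVED_LOGIN = {
  pageOrigin: "https://social.example",
  pagePath: "/login",
  actionOrigin: "https://social.example",
};

// Behaviour the report describes: any page on the same domain is filled.
function domainOnlyFill(saved, form) {
  return new URL(form.pageUrl).origin === saved.pageOrigin;
}

// Stricter policy: same page, same submit target, visible fields only.
function strictFill(saved, form) {
  const page = new URL(form.pageUrl);
  // Resolve a relative or missing action against the page, as a browser would.
  const action = new URL(form.action || form.pageUrl, page);
  if (page.origin !== saved.pageOrigin) return { fill: false, reason: "page-origin" };
  if (page.pathname !== saved.pagePath) return { fill: false, reason: "page-path" };
  if (action.origin !== saved.actionOrigin) return { fill: false, reason: "action-origin" };
  if (!form.fieldsVisible) return { fill: false, reason: "hidden-fields" };
  return { fill: true, reason: "match" };
}

// Constructed forms a password manager might encounter on the same domain.
const FORMS = {
  realLogin: { pageUrl: "https://social.example/login", action: "/session", fieldsVisible: true },
  userPage: { pageUrl: "https://social.example/users/1234", action: "/session", fieldsVisible: false },
  hiddenOnLogin: { pageUrl: "https://social.example/login", action: "/session", fieldsVisible: false },
  offSiteAction: { pageUrl: "https://social.example/login", action: "https://other.example/submit", fieldsVisible: true },
};

// Report each form's outcome under both policies.
function compare(saved, forms) {
  return Object.entries(forms).map(([name, form]) => ({
    name,
    domainOnly: domainOnlyFill(saved, form),
    strict: strictFill(saved, form),
  }));
}

for (const row of compare(SAVED_LOGIN, FORMS)) {
  console.log(row.name, "domain-only:", row.domainOnly, "strict:", row.strict.fill, row.strict.reason);
}
```
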