Firefox exploit allows password-stealing

Posted on Tuesday, Jul 24 2007 @ 18:44 CEST by Thomas De Maesschalck
Security researchers have found a new critical bug in Firefox 2.0.0.5 which allows malicious websites to steal your passwords if you have JavaScript enabled and allow Firefox to remember your passwords.
The Mozilla team fixed a similar flaw last November, one which did not require JavaScript. The heise Security Web site contains a demo/proof of concept of the vulnerability risk that you can use to determine your vulnerability.

The original flaw was referred to as reverse cross-site scripting and was reportedly widely used on Myspace.com.
Source: Linux.com


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments