The Mozilla team fixed a similar flaw last November, one which did not require JavaScript. The heise Security Web site contains a demo/proof of concept of the vulnerability risk that you can use to determine your vulnerability.Source: Linux.com
The original flaw was referred to as reverse cross-site scripting and was reportedly widely used on Myspace.com.
Firefox exploit allows password-stealing
Posted on Tuesday, July 24 2007 @ 18:44 CEST by Thomas De Maesschalck