Firefox 2.0 Password Manager Flaw
Mozilla is said to be working on a fix for a flaw called Reverse Cross-Site Request that, when exploited, can expose saved passwords to attackers.
RCSR attacks are also actively targeting Microsoft Internet Explorer, however a flaw in Firefox makes the attack much more likely to succeed. The Password Manager component of FireFox can be exploited to send a username and password combination to an attacker's computer without the user's knowledge.
http://www.info-svc.com/news/11-21-2006/
Mozilla is said to be working on a fix for a flaw called Reverse Cross-Site Request that, when exploited, can expose saved passwords to attackers.
RCSR attacks are also actively targeting Microsoft Internet Explorer, however a flaw in Firefox makes the attack much more likely to succeed. The Password Manager component of FireFox can be exploited to send a username and password combination to an attacker's computer without the user's knowledge.
http://www.info-svc.com/news/11-21-2006/
