Password Vulnerability In Firefox And Maybe Ie As Well

[PeterPeter]

Thought this might interest everyone regarding a password problem in Firefox and maybe IE as well. See this link for more details.

 

http://www.itnews.com.au/newsstory.aspx?CI...;edate=20061127

[stevevan]

Something like this was bound to happen with FF eventually!

Edited November 27, 2006 by stevevan

[TCH-Bruce]

Chaplin claims that the attack has already been used to steal the log-in details of MySpace users, who were redirected to a false log-in page where their details were harvested.

I can see this being a big issue since there are quite a few people that don't read links (URLs) before clicking on them.

 

Of course we are talking about MySpace users too.

 

Thanks for the info.

[jayson]

Thats why I use Roboform for my passwords

[carbonize]

When I first read the story I laughed because it's the usual case of a journalist reporting half truths and blowing things out of proportions to sell a story. He seems to inicate that now browsers have phishing alerts people have suddenly forgotten the years of anti phishing advice they have had drummed into them.

 

As to Firefoxs password function going off the domain as opposed to the full url I'd say this was the writers choice as opposed to a flaw.

 

seems to affect all versions of Firefox, and may also affect Microsoft's Internet Explorer.

Chapin has informed Microsoft of the problem.

So the 'problem' definetely exists in Firefox but possibly not in IE so he goes and informs the Microsoft for whom it may not be an issue but apparently does not inform Mozilla?

 

their information can be stolen in this way when visiting blog and forum websites at trusted addresses.

I have yet to see a forum script that would allow this type of HTML to be posted.