Mozilla Firefox Information Disclosure

Started by Eric the Red, December 28, 2006, 08:57:09 AM


Eric the Red

Note: This information, released on December 20th, updates an earlier vulnerability reported in Firefox. You are advised to allow automatic updates of Firefox from Mozilla.

Affected: Mozilla Firefox versions 2.0.1 and prior

Description: Mozilla Firefox's password manager component contains an information disclosure weakness. The password manager can be used to automatically fill out username and password forms. If this capability is used on web pages that can have arbitrary HTML code included by an attacker, the attacker could gain these username and password entries. This vulnerability can be exploited to conduct phishing attacks such as stealing MySpace passwords, etc.

A proof of concept for this vulnerability is publicly available.

Status: Mozilla confirmed, updates available.

http://www.securityfocus.com/bid/21240
"The time to start running is around about the "e" in "Hey, you!" "
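
For operators of sites that accept user-submitted HTML, a server-side audit of that markup is one way to spot the condition the description refers to. The following is an added example, not part of the original post or of Mozilla's fix. It assumes the injected markup takes the form of a password form whose `action` resolves to a different origin than the hosting page; the function names, URLs and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """(scheme, host, port) triple used for the same-origin comparison."""
    p = urlsplit(url)
    return (p.scheme.lower(), (p.hostname or "").lower(),
            p.port or DEFAULT_PORTS.get(p.scheme.lower()))

class FormAuditor(HTMLParser):
    """Collects resolved actions of password forms that leave the page's origin."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.action, self.has_pw = page_url, None, False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.flush()  # sloppy markup: a new <form> ends an unclosed one
            # A missing or empty action submits back to the page itself.
            self.action = urljoin(self.page_url, (a.get("action") or "").strip())
        elif tag == "input" and self.action is not None:
            self.has_pw |= (a.get("type") or "").strip().lower() == "password"

    def handle_endtag(self, tag):
        if tag == "form":
            self.flush()

    def flush(self):
        if self.action and self.has_pw and origin(self.action) != origin(self.page_url):
            self.findings.append(self.action)
        self.action, self.has_pw = None, False

def find_offsite_password_forms(html, page_url):
    auditor = FormAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    auditor.flush()  # form still open at end of input
    return auditor.findings

# Constructed sample: the site's own login form plus a user-submitted profile block.
SAMPLE = """
<form action="/login"><input name="u"><input type="password" name="p"></form>
<div class="profile">
  <FORM ACTION="https://other.example/collect"><input name="u"><input TYPE="Password" name="p"></FORM>
</div>
"""

if __name__ == "__main__":
    print(find_offsite_password_forms(SAMPLE, "https://social.example/profile/42"))
```

Only the form inside the user-submitted block is reported; the site's own `/login` form resolves to the page's origin and is ignored.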