LandzDown Forum

Security => Security Alerts & Briefings => Topic started by: Eric the Red on December 28, 2006, 08:57:09 AM

Title: Mozilla Firefox Information Disclosure
Post by: Eric the Red on December 28, 2006, 08:57:09 AM
Note: This information, released on December 20th, updates an earlier vulnerability reported in Firefox. You are advised to allow automatic updates of Firefox from Mozilla.

Affected: Mozilla Firefox versions 2.0.1 and prior

Description: Mozilla Firefox's password manager component contains an information disclosure weakness. The password manager can be used to automatically fill out username and password forms. If this capability is used on web pages that can have arbitrary HTML code included by an attacker, the attacker could gain these username and password entries. This vulnerability can be exploited to conduct phishing attacks such as stealing MySpace passwords etc.

A proof of concept for this vulnerability is publicly available.

Status: Mozilla confirmed, updates available.

http://www.securityfocus.com/bid/21240
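
For sites that accept user-contributed HTML, the condition described in the post above (username and password fields inside markup a visitor supplied) can be checked server-side before the fragment is published. This is an added example, not part of the original post and not Mozilla's fix; the function names and sample fragments are constructed for illustration.

```python
from html.parser import HTMLParser

# Elements that can collect or submit data on a page.
FORM_TAGS = {"form", "input", "button", "textarea", "select"}


class FormFinder(HTMLParser):
    """Collects form-related elements found in a user-supplied HTML fragment."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # list of (line number, description)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values keep their case.
        if tag not in FORM_TAGS:
            return
        attr = {k: (v or "") for k, v in attrs}
        if tag == "input":
            # An <input> without a type attribute is a text field.
            detail = "input type=" + attr.get("type", "text").strip().lower()
        else:
            detail = tag
        self.findings.append((self.getpos()[0], detail))


def audit_fragment(fragment):
    """Return (line, detail) for every form element in the fragment."""
    finder = FormFinder()
    finder.feed(fragment)
    finder.close()
    return finder.findings


def has_password_field(fragment):
    """True if the fragment contains a password input a browser could fill."""
    return any(d == "input type=password" for _, d in audit_fragment(fragment))


# Constructed sample fragments, as a profile or comment field might receive them.
SAMPLES = {
    "plain comment": "<p>Nice <b>photos</b>!</p>",
    "login form": "<p>hi</p>\n<FORM>\n<input name=user><INPUT TYPE=PassWord name=pass>\n</form>",
}

if __name__ == "__main__":
    for name, fragment in SAMPLES.items():
        verdict = "REJECT" if has_password_field(fragment) else "ok"
        print(f"{name}: {verdict} {audit_fragment(fragment)}")
```

A fragment that is flagged should be rejected or have its form elements stripped before it is rendered on a page in the site's own domain.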