Critical flaw in Firefox and IE allows password theft

November 26, 2006

Users of both Mozilla’s Firefox and Microsoft’s Internet Explorer are at risk of having their saved passwords stolen, according to security researcher Robert Chapin, president of Chapin Information Services.

The risk arises because the password manager of each browser can be tricked into handing over saved passwords to fake login pages. Chapin has dubbed this a Reverse Cross-Site Request (RCSR) vulnerability.

Users of social networking services such as MySpace, and visitors to forums and blogging services, are most at risk, because pages on these types of sites can be modified with HTML code so that they look like login pages to the browser’s password manager. Because the URLs of such pages look legitimate, the password manager is tricked into handing over the password.

The technique has already been used to steal MySpace user passwords, according to Chapin.

Both Microsoft and Mozilla have been notified about the security vulnerability.
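A server-side check for the condition described above, as an added example that is not from the original article, the researcher, or either browser vendor: it flags user-submitted markup that contains a password field and reports whether the enclosing form submits to another origin. The function names, the sample fragment and the `social.example` / `collector.example` hosts are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

def origin(url):
    """(scheme, host, port) tuple used for the same-origin comparison."""
    parts = urlsplit(url)
    return (parts.scheme.lower(), parts.hostname, parts.port)

class LoginFormFinder(HTMLParser):
    """Finds forms in user-submitted HTML that carry a password field."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []   # one dict per password-bearing form
        self._form = None    # form currently open, if any

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "").strip() for name, value in attrs}
        if tag == "form":
            self.finish_form()  # a new form implicitly ends an unclosed one
            # An empty or missing action submits to the hosting page itself.
            target = urljoin(self.page_url, attrs.get("action", ""))
            self._form = {"target": target, "password": False}
        elif tag == "input" and attrs.get("type", "").lower() == "password":
            if self._form is None:  # stray password field outside any form
                self._form = {"target": self.page_url, "password": False}
            self._form["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.finish_form()

    def finish_form(self):
        if self._form and self._form["password"]:
            target = self._form["target"]
            cross = origin(target) != origin(self.page_url)
            self.findings.append({"target": target, "cross_origin": cross})
        self._form = None

def scan_user_html(fragment, page_url):
    """Return one finding per password-bearing form in user-submitted markup."""
    finder = LoginFormFinder(page_url)
    finder.feed(fragment)
    finder.close()
    finder.finish_form()  # report a form that was never closed
    return finder.findings

# Constructed sample: a profile comment that embeds a form with a password field.
SAMPLE = ('<p>hi!</p><form action="//collector.example/save">'
          '<input name="user"><input type=PASSWORD name="pw"></form>')
```

A same-origin finding is still worth rejecting or stripping, since a password field in user content is what makes the page look like a login page to the password manager.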




3 Responses to “Critical flaw in Firefox and IE allows password theft”

  1. Biju:

    What Robert Chapin found was not a browser flaw, it is a myspace.com flaw due to insufficient sanitizing done by myspace.com on user submitted content.

    Cross-site form submit is a feature very much used for around 10 years or more. If you stop that, even big sites like Bank of America or many sites using MS passport.net service will stop functioning.

    As of Nov 26, I have not seen mozilla.org acknowledge it as a flaw.
    see http://www.mozilla.org/projects/security/known-vulnerabilities.html

    and bug https://bugzilla.mozilla.org/show_bug.cgi?id=360493

    It is sad that the media are repeating the same story without consulting relevant people.

  2. melon:

    Don’t worry. Mozilla fixes the bugs faster than other browsers, because it is faster. Did you know that you can significantly speed up Firefox? You can find a manual on how to easily speed up Firefox over here: http://www.mozila.pl/firefox-speed-up.html

  3. mozila:

    The history has shown that Firefox is safer than IE, so I don’t think that there is a reason to be afraid. Just get FF and surf the web faster http://www.mozila.com.pl

Copyright © 2012 Blorge.com NS