Phishers Lurk For Firefox 2.0 Password Manager

by admin November 22, 2006 at 1:07 pm

Using Mozilla Firefox’s built-in Password Manager to keep track of your browser’s passwords? It makes site logins faster but it also could help malicious sites steal your passwords.

The bug, which has been known to Mozilla for at least 10 days, remains unpatched and exploits as well as a proof of concept exist in the wild.

“I was shocked today to find an in-the-wild phish that uses nothing more than cross-site forms, and also extracts information from the Password Manger!” Security Researcher Robert Chapin wrote in a November 12tth e-mail posted in the bugzilla bug tracking system.

“The underlying method was so obvious that it should have raised multiple warnings,” Chapin continued. “There were none at all.”

Read more: internetnews.com