Firefox vulnerable to username and password theft
Firefox is not having a good week. Hot on the heels of the "Hey Mozilla: Quotes are not legal in a URL" embarrassment, a vulnerability has been reported that exposes the usernames and passwords of Firefox users and apparently affects Firefox 2.0.0.5 and earlier.
To quote Heise Security, "Firefox, if allowed, can store usernames and passwords. If you visit a login page again, the password is then entered automatically. But this means, that a second, evil page on the same server could steal those saved passwords."
Demonstration page here:
http://www.heise-security.co.uk/services/browsercheck/demos/moz/pass1.shtml?name=noam&password=noampassword#
JavaScript must be enabled for the exploit to work.
This vulnerability has real potential for harm in the current Internet environment, in which criminals are hacking into servers all over the world and inserting malicious code into legitimate Web pages: code that tries to take advantage of various security exploits affecting Firefox, Opera and IE to infect a visitor's Web browser. It would be a simple matter for the criminals to also upload an "evil page" to a hacked server to capture the usernames and passwords of Firefox users.
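For site operators, the "evil page" scenario above suggests a simple audit: find every page on the host that carries a password form but is not one of the site's known login pages. The following is an added example, not code from this post or from Heise Security; the page paths, the allowlist and the sample HTML are constructed assumptions, and the script flag is only a triage hint based on the note that the exploit needs JavaScript.

```python
from html.parser import HTMLParser

# Constructed sample: path -> HTML as served from one host (not real site content).
SAMPLE_PAGES = {
    "/login.html": '<form action="/session" method="post">'
                   '<input name="user"><input type="password" name="pw"></form>',
    "/search.html": '<form action="/search"><input name="q"></form>'
                    '<script src="/js/ui.js"></script>',
    "/promo/offer.html": '<form><input name="user"><input type=PASSWORD name="pw">'
                         '</form><script src="/promo/x.js"></script>',
}
KNOWN_LOGIN_PATHS = {"/login.html"}  # assumption: the site's legitimate login pages

class PasswordFormFinder(HTMLParser):
    """Counts forms that contain a password input and notes any <script> tag."""
    def __init__(self):
        super().__init__()
        self.password_forms = 0
        self.has_script = False
        self._in_form = False
        self._counted = False  # current form already counted

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self._in_form, self._counted = True, False
        elif tag == "script":
            self.has_script = True
        elif tag == "input" and self._in_form and not self._counted:
            if (dict(attrs).get("type") or "").lower() == "password":
                self.password_forms += 1
                self._counted = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False

def audit_site(pages, login_paths):
    """Return (path, has_script) for each page with a password form off the allowlist."""
    findings = []
    for path in sorted(pages):
        finder = PasswordFormFinder()
        finder.feed(pages[path])
        if finder.password_forms and path not in login_paths:
            findings.append((path, finder.has_script))
    return findings

if __name__ == "__main__":
    for path, has_script in audit_site(SAMPLE_PAGES, KNOWN_LOGIN_PATHS):
        print(f"review {path}: password form outside login allowlist, script={has_script}")
```

The script flag only looks for `<script>` tags, so a page that uses inline event handlers would be reported with `script=False` and still needs review.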