Firefox, IE Vulnerable to Password Theft
Frequent visitors to blogs and Internet forums may be particularly at risk of identity theft due to an exploit that prompts the Firefox and Internet Explorer password managers to give away their protected information. Both Mozilla and Microsoft have acknowledged the problem and are working on fixes.
A software security researcher has warned that the password manager features of Mozilla’s open source Firefox 2.0 and Microsoft’s (Nasdaq: MSFT) Internet Explorer (IE) Web browsers could be exploited, placing unsuspecting users at risk.
Users of Firefox or Explorer, both of which may be vulnerable to the attack known as “Reverse Cross Site Request” (RCSR), are not fooled directly by the password theft exploit. (more…)