Everyone’s favourite web browser…ok, well mine anyway, has a security vulnerability in it’s password manager.
RCSR (Reverse Cross-Site Request) attacks are also actively targeting Microsoft Internet Explorer, however a flaw in Firefox makes the attack much more likely to succeed.
The Password Manager component of FireFox can be exploited to send a username and password combination to an attacker’s computer without the user’s knowledge.
Users of both Firefox and Internet Explorer need to be aware that their information can be stolen in this way when visiting blog and forum websites at trusted addresses.
For more information and the proof of concept read on.
Tags: Firefox, Password Manager, Proof of Concept, Exploit, Cross Site
