Jump to content
Ban Hammer

Firefox 2 Browser Struck by Password Flaw

By Ban Hammer in Off Topic

 Share

3 posts in this topic

Recommended Posts

Ban Hammer Grand Master

Ban Hammer   13,333

Posted
Filed: Citizen (apr) Country: Brazil
 Timeline
Posted

Mozilla's Firefox 2.0 has long been considered a safer Web browser than Microsoft's Internet Explorer, but a new flaw in the Firefox Password Manager, which lets users store usernames and passwords for trusted Web sites, could let hackers steal their login data.

The problem, known as a reverse cross-site request, or RCSR, was first discovered by Robert Chapin, a Microsoft Certified Systems Engineer (MCSE) and I.T, consultant. The RCSR appears on blogs, message boards, or group forums that let users add comments with embedded HTML code.

On sites that allow users to enter code, a hacker can embed a form that tricks the user's browser into sending its username and password information to the hacker's computer. Because the form is embedded on a trusted Web site, the browser's built-in antiphishing protection, which is designed to alert users to fraudulent Web sites, does not detect the problem.

Even worse, hackers can make the deceptive form invisible, meaning users can transmit their private data without even knowing it.

The Mozilla Foundation, which maintains code for the Firefox browser, has acknowledged the problem and named it bug #360493. Microsoft has also admitted that RCSR attacks can affect Internet Explorer, but most reports indicate that Firefox is the more likely target because of the way it stores usernames and passwords.

Neither Mozilla nor Microsoft has released a patch for the problem, but users can avoid RCSR attacks simply by disabling their browsers' autosave features for usernames and passwords. In Firefox, the feature is found in the "Options" window under the "Tools" menu.

Mozilla has indicated that it plans a fix in Firefox version 2.0.0.1 or 2.0.0.2.

Most experts agree that Firefox is by and large the safer of the two major Web browsers, largely because Microsoft, on account of its size, draws more attention from hackers.

Indeed, the last two years have seen monthly and sometimes weekly reports of new bugs in Internet Explorer, letting hackers do everything from hijack a user's computer to corrupt its private data.

But Microsoft released a new version of IE -- version 7.0 -- in October, and Mozilla quickly followed suit with version 2.0 of Firefox. Both versions boast enhanced security, including antiphishing features that check Web sites against an online database of known frauds. And Internet Exporer 7 also offers much-requested improvements to the interface, such as tabbed browsing.

At present, Microsoft controls the bulk of the browser market -- estimates put IE usage at 80 percent to 90 percent -- but Firefox is nipping at its heels.

link

* ~ * Charles * ~ *
 

I carry a gun because a cop is too heavy.

 

USE THE REPORT BUTTON INSTEAD OF MESSAGING A MODERATOR!

Link to comment
Share on other sites
Hilarious Clinton Grand Master

Hilarious Clinton   452

Posted
Filed: Lift. Cond. (apr) Country: Solomon Islands
 Timeline
Posted

good tip

"The fact that we are here today to debate raising America’s debt limit is a sign of leadership failure. It is a sign that the U.S. Government can’t pay its own bills. It is a sign that we now depend on ongoing financial assistance from foreign countries to finance our Government’s reckless fiscal policies."

Senator Barack Obama
Senate Floor Speech on Public Debt
March 16, 2006



barack-cowboy-hat.jpg
90f.JPG

Link to comment
Share on other sites
caybee Proficient

caybee   21

Posted
Filed: Country: Morocco
 Timeline
Posted

Thanks for this.

I'm the USC.

11/05/2007........Conditional permanent residency effective date.

01/10/2008........Two-year green card in hand.

08/08/2009........Our son was born <3

08/08/2009........Filed for removal of conditions.

12/16/2009........ROC was approved.

11/05/2010........Eligible for Naturalization.

03/01/2011........Separated.

11/05/2012........Eligible for Naturalization.

Link to comment
Share on other sites
 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
- Back to Top -

Important Disclaimer: Please read carefully the Visajourney.com Terms of Service. If you do not agree to the Terms of Service you should not access or view any page (including this page) on VisaJourney.com. Answers and comments provided on Visajourney.com Forums are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Visajourney.com does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. VisaJourney.com does not condone immigration fraud in any way, shape or manner. VisaJourney.com recommends that if any member or user knows directly of someone involved in fraudulent or illegal activity, that they report such activity directly to the Department of Homeland Security, Immigration and Customs Enforcement. You can contact ICE via email at Immigration.Reply@dhs.gov or you can telephone ICE at 1-866-347-2423. All reported threads/posts containing reference to immigration fraud or illegal activities will be removed from this board. If you feel that you have found inappropriate content, please let us know by contacting us here with a url link to that content. Thank you.
×
×
  • Create New...