Oh, Sh!t! Firefox is unsafe for storing passwords

Recently I read this article and was stunned by information in it.
It appears that firefox is very unsafe in storing passwords. Using "storing login information" feature can result in sending sensitive information to third-party (that is, stealing your private information) sites. A simple javascript autosubmits an html form that contains fields with login and passwords and though they're not fillded in, during autosubmit this information is being sent out.
Frankly, i'm dissapointed. I haven't figured out possible ways for practical usage of this critical security hole (I just put myself on the place of potential hackers) because the html form is located on the site where this information to be submitted. so apriori you voluntareely submit it, but i'm not a hacker at all and may not know on some efficient ways for stealing security information in the way described above.
Looking forward to explanations and updates from Mozilla team.


Post a Comment

<< Home