Firefox 2 Password Exploit

Friday, December 8th, 2006 by | Filed Under: Security Help
 


Q:
I read something about a password exploit in Firefox 2 the other day. Is this true and if it is, what all does it mean?

A:
Yes, unfortunately, it is true. On November 21, 2006, Mozilla announced that there is a flaw in the new Firefox 2’s password manager. Chapin Information Services (CIS) was the company that discovered it first. Basically, the flaw exposes saved passwords to attackers.

Because this is such a new type of attack, CIS has categorized it as a Reverse Cross-Site Request (RCSR) vulnerability. The flaw affects anyone who visits a blog or any kind of forum Web site that allows HTML code to come through. If you use Firefox 2 and are part of any blog or forum that uses HTML code, you may be at risk.

What happens is that the password manager in Firefox 2 can be exploited to send username and password information to an attacker’s computer without the original user ever knowing. So, even though you may think you’re visiting a safe Web site, your information may be stolen in this way.

This mostly affects Firefox 2, but RCSR attacks are also known to affect Internet Explorer. So, if you use either of those browsers, be aware. This exploit was also found on the MySpace Web site a while back. A fake login page came up and prompted the user to type in their e-mail address and password. That information then went directly to an attacker’s computer.

In earlier years, there were attacks known as Cross-Site Request Forgery (CSRF), but now RCSR flaws have come about. The difference between the two is the direction of the data flow. CSRF attacks commonly add information to the actual blog or forum without the user knowing it, while RCSR attacks take the information from the blog or forum and create a form that the user has to fill out. That information then goes directly back to the hacker. Either way, they are able to get your personal information. RCSR attacks are also known to work better, because neither Firefox nor Internet Explorer is set up to check forms before a user submits them.

This exploit is known as error number 360493, so keep an eye out for it. Mozilla has already begun the repair work on this one, so it should be back to normal soon. Until then, if you have to use your blog or forum, don’t fill out any unusual forms with any of your personal information. Better yet, don’t visit the sites where your blog or forum is hosted until the issue is completely resolved. I will try to keep you up to date on the fix for this flaw. Until then, please keep yourself and your computer as safe as possible by being very cautious.

~ Erin
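
An added example, not part of the original tip and not Mozilla's fix: a forum-side check in Python for the situation described above, where HTML posted to a blog or forum contains a form that collects a password and submits it to a different host. The forum address, the sample posts and the names `FormAudit` and `risky_forms` are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormAudit(HTMLParser):
    """Collect every <form> in user-submitted HTML with its action and password fields."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []      # one dict per <form> seen
        self._open = None    # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or relative action resolves against the page itself.
            target = urljoin(self.page_url, a.get("action") or "")
            self._open = {"action": target, "password": False}
            self.forms.append(self._open)
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self._open is not None:
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def risky_forms(user_html, page_url):
    """Return actions of forms that collect a password and post to another host."""
    audit = FormAudit(page_url)
    audit.feed(user_html)
    audit.close()
    site = urlsplit(page_url).hostname
    return [f["action"] for f in audit.forms
            if f["password"] and urlsplit(f["action"]).hostname != site]


# Constructed sample posts for a hypothetical forum at forum.example.
PAGE = "https://forum.example/thread/42"
POSTS = {
    "plain": '<p>Nice tip, <b>thanks</b>!</p>',
    "same": '<form action="/login"><input type="password" name="p"></form>',
    "offsite": '<form action="https://collect.example/x" method="post">'
               '<input name="user"><input type="password" name="pass"></form>',
}

if __name__ == "__main__":
    for name, html in POSTS.items():
        print(name, risky_forms(html, PAGE))
```

A forum could run a check like this when a post is saved and reject or strip any post for which the list is not empty.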
