- Worldstart's Tech Tips And Computer Help - http://www.worldstart.com -

Firefox 2 Password Exploit

I read something about a password exploit in Firefox 2 the other day. Is this true and if it is, what all does it mean?

Yes, unfortunately, it is true. On November 21, 2006, Mozilla announced that there is a flaw in the new Firefox 2’s password manager. The Chapin Information Services (CIS) company is actually who discovered it first. Basically, the exploit consists of a flaw that exposes saved passwords to possible computer attackers.

With this being such a new type of attack, CIS has categorized it under the name of a Reverse Cross-Site Request (RCSR) vulnerability. This flaw affects anyone who visits a Web blog or any kind of forum Web site that allows HTML codes to come through. If you use Firefox 2 and are part of any blog or forum that uses HTML code, you may be under a possible risk.

Now, what happens with this is that the password manager that works with Firefox 2 can be exploited and therefore, is able to send username and password information to an attacker’s computer without the original user ever knowing. So, even though you may think you’re visiting a safe Web site, your information may be stolen in this way.

This mostly affects Firefox 2, but the RCSR attacks are also known to affect Internet Explorer as well. So, if you use either of those browsers, be aware. This exploit was also found on the MySpace Web site awhile back. There was a fake login page that came up and prompted the user to type in their e-mail address and password. The information from that then went directly to an attacker’s computer.

In earlier years, there have been attacks by the name of Cross-Site Request Forgery (CSRF), but now the RCSR flaws have come about. The difference between the two is the direction of the data flow. CSRF attacks commonly add information to the actual blog or forum without the user knowing it, while the RCSRs actually takes the information from the blog or forum and creates a form that the user has to fill out. That information then goes directly back to the hacker. Either way, they are able to get your personal information. The RCSR attacks are actually known to work better as well, because neither Firefox or Internet Explorer are set up to check the forms before a user submits them.

This exploit is known as error number 360493, so just keep your eye out for it. Mozilla has already begun the repair work on this one, so it should be back to normal soon. Until then, if you have to use your blog or forum, don’t fill out any unusual forms with any of your personal information. Better yet, don’t visit the sites where your blog or forum takes place until the issue is completely resolved. I will try to keep you up to date on the fix for this flaw. Until then, just please keep yourself and your computer as safe as possible by being very cautious.

~ Erin