Description: A vulnerability has been discovered in Firefox, which can be exploited by malicious people to conduct phishing attacks.
The vulnerability is caused by the Password Manager not properly checking the URL before automatically filling saved user credentials into forms. This may be exploited to steal user credentials via malicious forms hosted on the same domain as the site the credentials were saved for.
The vulnerability is confirmed in versions 2.0.0, 2.0.0.2 and 1.5.0.10. Other versions may also be affected.
Solution: Disable the Password Manager in the preferences.
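As an added illustration of the flaw described above (example code written for this page, not the Secunia advisory's or Firefox's own code), the following contrasts a domain-only autofill check with one that also requires the page origin and the resolved form action origin to match what was recorded when the credential was saved. The credential record format, the sample origins (example.test, attacker.test) and the helper names are assumptions constructed for the example.

```javascript
// Added example: two autofill policies, neither taken from Firefox.
// A saved credential records the origin of the page it was captured on
// and the origin that page's login form submitted to (assumed record shape).

function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`;
}

// An empty or missing action submits to the page itself, so resolve it
// against the page URL exactly as the browser would.
function resolveAction(pageUrl, action) {
  return new URL(action || "", pageUrl).href;
}

// Weak policy: fill whenever the page hostname matches the saved one.
// This is the behaviour the advisory describes: a form placed anywhere on
// the same domain is filled even if it submits somewhere else.
function weakDomainCheck(saved, pageUrl) {
  return new URL(pageUrl).hostname === new URL(saved.pageOrigin).hostname;
}

// Stricter policy: the page origin (scheme + host + port) must match, and
// the form's resolved action origin must match the origin the credential
// was originally submitted to. Either mismatch blocks the autofill.
function shouldAutofill(saved, pageUrl, formAction) {
  const pageOrigin = originOf(pageUrl);
  const actionOrigin = originOf(resolveAction(pageUrl, formAction));
  if (pageOrigin !== saved.pageOrigin) {
    return { fill: false, reason: "page origin differs from saved origin" };
  }
  if (actionOrigin !== saved.actionOrigin) {
    return { fill: false, reason: "form action origin differs from saved action origin" };
  }
  return { fill: true, reason: "page and form action match saved record" };
}

// Constructed sample credential record (not real data).
const SAVED = {
  pageOrigin: "https://example.test",
  actionOrigin: "https://example.test",
};

// Constructed cases: the genuine login form, a same-domain form posting
// off-site, and the same site reached over plain http.
const CASES = [
  ["https://example.test/login", "/login"],
  ["https://example.test/profile/user123", "https://attacker.test/collect"],
  ["http://example.test/login", "/login"],
];

for (const [pageUrl, action] of CASES) {
  const weak = weakDomainCheck(SAVED, pageUrl);
  const strict = shouldAutofill(SAVED, pageUrl, action);
  console.log(`${pageUrl} -> ${action}: weak=${weak} strict=${strict.fill} (${strict.reason})`);
}
```

The second case is the one that matters: the domain-only check fills the form because the hostname matches, while the origin-and-action check refuses because the form would submit the credentials to a different origin. Including the scheme in the comparison also stops a saved https credential from being filled on an http page of the same host.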
Provided and/or discovered by: Robert Chapin and RSnake
Changelog:
2006-11-24: Added additional references. Updated "Provided by" section.
2006-11-28: Added CVE reference.
2007-02-24: Updated "Solution" section.
2007-03-05: Updated "Solution" section. The vulnerability is not fixed properly.