Dangerous hole in Firefox

Had to happen sometime:

p2pnet.net News:- Are you one of those people who lets Firefox save your passwords so you don't have to type them in again?

That might not be such a good idea, Robert Chapin tells p2pnet.

That's because he's found a new security hole in the Mozilla Firefox web browser he's calling a Reverse Cross-Site Request (RCSR).


What I find interesting about all of this is the fact that some people will still save their passwords, regardless of this hole.

The vulnerability exposes saved passwords and could affect anyone visiting a weblog or forum website that allows user-contributed HTML codes to be added, says Chapin, who runs Chapin Information Services.

"RCSR attacks are also actively targeting Microsoft Internet Explorer, however a flaw in Firefox makes the attack much more likely to succeed," says Chapin on his site.

Although this hole is dangerous, people can just avoid this mess altogether and improve themselves by just remembering their passwords. Either that or work out some complicated password scheme so you won't have to rely so much on Firefox