A new password flaw found in Firefox 2

Friday, January 12th, 2007

Mozilla’s Firefox 2.0 has long been considered a safer Web browser than Microsoft’s Internet Explorer, but a new flaw in the Firefox Password Manager, which lets users store usernames and passwords for trusted Web sites, could let hackers steal their login data.

The problem, known as a reverse cross-site request, or RCSR, was first discovered by Robert Chapin, a Microsoft Certified Systems Engineer (MCSE) and I.T. consultant. RCSR affects blogs, message boards, or group forums that let users add comments with embedded HTML code.

On sites that allow users to enter code, a hacker can embed a form that tricks the user’s browser into sending its username and password information to the hacker’s computer. Because the form is embedded on a trusted Web site, the browser’s built-in antiphishing protection, which is designed to alert users to fraudulent Web sites, does not detect the problem.
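A site that accepts HTML in comments can check each submission for the form markup this attack depends on before publishing it. The following is an added example, not code from the original article or from Mozilla; the function names, the hostnames and the policy of rejecting all form markup are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Elements that can build or submit a login form; user comments rarely need them.
FORM_TAGS = {"form", "input", "button", "select", "textarea"}


class FormMarkupFinder(HTMLParser):
    """Collects form-related markup found in user-submitted HTML."""

    def __init__(self, site_host):
        super().__init__(convert_charrefs=True)
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # The parser lowercases tag and attribute names; values may be None.
        attrs = {k: (v or "") for k, v in attrs}
        if tag in FORM_TAGS:
            self.findings.append(("form-element", tag))
        if tag == "input" and attrs.get("type", "").strip().lower() == "password":
            self.findings.append(("password-field", tag))
        # action/formaction decide where the submitted fields are sent.
        for name in ("action", "formaction"):
            if name in attrs:
                host = (urlparse(attrs[name].strip()).hostname or "").lower()
                if host and host != self.site_host:
                    self.findings.append(("off-site-target", host))


def audit_comment(html, site_host):
    """Return the list of (kind, detail) findings for one comment body."""
    finder = FormMarkupFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings


def is_safe_to_publish(html, site_host):
    """Policy assumed here: publish only comments with no form markup at all."""
    return not audit_comment(html, site_host)


# Constructed sample comments (hypothetical hosts, not taken from a real site).
BENIGN = '<p>Great post, see <a href="http://forum.example/t/1">this thread</a>.</p>'
SUSPECT = ('<p>Nice!</p><FORM action="http://other-host.example/save">'
           '<input name="user"><input type="PASSWORD" name="pass"></form>')

if __name__ == "__main__":
    for body in (BENIGN, SUSPECT):
        print(is_safe_to_publish(body, "forum.example"), audit_comment(body, "forum.example"))
```

A form whose target is on the same site is still rejected by this policy, because any form placed by a commenter on a trusted page is unexpected.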

When will this flaw be fixed?

The Mozilla Foundation (the group behind the Firefox browser) has classified it as Bug #360493 and announced that it will be fixed in version 2.0.0.1 or 2.0.0.2.

This attack can be avoided by disabling the browser’s autosave feature for usernames and passwords. In Firefox, the feature is found in the “Options” window under the “Tools” menu.


All material @ copyrighted by chrisranjana.com. If you want to link to this article you are welcome to do so. Unauthorized publication is strictly prohibited.