A critical flaw has been discovered in Firefox that allows the users password information to be passed to a web server by a cleverly created HTML form.  Exploits using this flaw have been found on MySpace, because MySpace (and many other similar sites) allow users to create HTML forms.   

The exploit that was executed via MySpace involved a clever Phishing lure that induced recipients to visit a specific MySpace account, whereupon the users password would automatically be revealed.

A similar exploit could be executed via many similar social networking and blog sites.

Firefox users should look for a update for this flaw in the near future. 

More information on this flaw can be found in the following ComputerWorld article:

Critical Firefox hole allows password theft

Posted on Friday, November 24th, 2006 at 9:54 am and filed under All Posts, Online Security, Privacy, Safe e-Commerce. You can follow any responses to this post through the RSS 2.0 feed. You can leave a comment, or you may trackback from your own site.