Referred to by Chapin Information Services as the Reverse Cross-Site Request (RCSR) vulnerability, they explain:
However, even though The Register is putting IE first in their headline, "IE and Firefox blighted by fake login flaw", Chapin goes on to explain that IE7 is nowhere near as vulnerable as Firefox by this vulnerability. The differences is that it will only affect IE users if the RCSR form is on the same page as a legitimate login form. With Firefox, the Password Manager will automatically pre-fill all forms with saved data."RCSR attacks are also actively targeting Microsoft Internet Explorer, however a flaw in Firefox makes the attack much more likely to succeed.
The Password Manager component of FireFox can be exploited to send a username and password combination to an attacker's computer without the user's knowledge.
Users of both Firefox and Internet Explorer need to be aware that their information can be stolen in this way when visiting blog and forum websites at trusted addresses."
No comments:
Post a Comment