CERT-In:Indian Computer Emergency Response Team

HOME > VULNERABILITY NOTES

VULNERABILITY NOTES

CERT-In Vulnerability Note CIVN-2006-121
Firefox Password Manager Information Disclosure Vulnerability

Original Issue Date: November 27, 2006

Severity Rating: Low

Systems Affected

Mozilla Firefox 1.x
Mozilla Firefox 2.x

Overview

A vulnerability has been reported in Firefox which could be exploited by remote attackers to conduct phishing attacks.

Description

A vulnerability has been reported in Firefox due to failure of Password Manager to notify users before filling in saved user credentials into web forms. This vulnerability could be exploited by remote attackers to steal sensitive information of users which is automatically filled into forms and conduct phishing attacks.

Workaround

Disable the "Remember passwords for sites" option in the preferences.

References

Original Advisory
http://www.info-svc.com/news/11-21-2006/

Secunia
http://secunia.com/advisories/23046/

Security Focus
http://www.securityfocus.com/bid/21240/info

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003

Home || Feedback || FAQ || Disclaimer

CERT-In Vulnerability Note CIVN-2006-121 Firefox Password Manager Information Disclosure Vulnerability

CERT-In Vulnerability Note CIVN-2006-121
Firefox Password Manager Information Disclosure Vulnerability