Mozilla Firefox 2 Password Manager Cross-Site Information Disclosure Weakness

info
discussion
exploit
solution
references

Mozilla Firefox 2 Password Manager Cross-Site Information Disclosure Weakness

Attackers use standard HTML-design utilities and webserver applications to exploit this issue.

A proof of concept by Chapin Information Services is available at the following location where a browser can be tested for this weakness:

RCSR Proof of Concept: http://www.info-svc.com/news/11-21-2006/rcsr1/