Mozilla Firefox 2 Password Manager Cross-Site Information Disclosure Weakness

Mozilla Firefox 2 Password Manager Cross-Site Information Disclosure Weakness

References:

1.5.1 Release Notes (Camino)
Bugzilla Bug 360493 (Robert Chapin)
CIS Finds Flaws in Firefox v2 Password Manager (Chapin Information Services)
Firefox Open To New XSS Flaw (David Utter)
MySpace Accounts Compromised by Phishers (Netcraft)
RHSA-2007:0077-3 - Critical: seamonkey security update (RedHat)
Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords ( fash1on@gmail.com)
critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a video (quincy@gmail.com)
Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password M (Juha-Matti Laurio)
ASA-2007-114 Firefox security update (RHSA-2007-0079) (Avaya)
HPSBUX02153 SSRT061181 rev.5 - HP-UX Running Firefox, Remote Unauthorized Access (HP)
Mozilla Foundation Security Advisory 2007-02 (Mozilla)
RHSA-2007:0077-6 - seamonkey security update (Red Hat)
RHSA-2007:0078-2 - Thunderbird security update (Red Hat)
RHSA-2007:0079-2 - Firefox security update (Red Hat)
RHSA-2007:0097-5 firefox security update (Red Hat)
RHSA-2007:0108-4 thunderbird security update (Red Hat)

Privacy Statement
Copyright 2010, SecurityFocus