Firefox 2, IE7 Login Exploit

Dennis Faas's picture

The whole point of releasing Mozilla's Firefox 2 and Microsoft's Internet Explorer 7, aside from some flashy buttons and a few bucks for the makers, was to upgrade the security of each browser.

And although the first Firefox was heralded as a divinely secure gift from the web surfing Gods (in the wake of IE6's massive loopholes), both Firefox 2 and Internet Explorer 7 are reportedly susceptible to a new and potent login spoof, which gives hackers the ability to easily swipe passwords and other sensitive information.

Like Taking Candy From A Baby

According to security guru Robert Chapin, web criminals can phish for passwords by creating a forged login screen. Because Firefox's overly trustworthy Password Manager enters passwords into web forms by default, all the hacker needs to do is wait patiently as the information is plugged in. Once this is done, sensitive data can then be redirected back to the hacker. (Source:

Thus far, the key to the hack is that the user must be revisiting a trusted website. That's the only way that a standard Password Manager -- found in either Mozilla or Microsoft -- will automatically re-enter login and password information without prompting the user to do so. Still, it's something even the average web surfer does every day, making the problem particularly concerning.

However, the potential for such a crime requires the hacker do a lot of work. He/she must first create a fake login on a website that users will visit, or hack into an already established and trusted web source in order to inject the fake login code. Either way, the result probably isn't worth it for most attackers. (Source:

Regardless, it's an indication that there are already major security problems with the web's newest browsers, and this last issue should keep both Microsoft and Mozilla busy for some time.

| Tags:
Rate this article: 
No votes yet