The flaw, according to Robert Chapin (president of Chapin Information Services), is that Firefox’s password manager can be fooled into sending password information to an attacker’s website. For this attack to be effective, attackers have to be able to create HTML forms on the website, something that is allowed on blog sites and social networking sites.
This vulnerability was used on MySpace in late October. In that attack, users who signed up for their MySpace account were redirected to a fake login page that took advantage of the flaw to receive user data.
Web: https://bugzilla.mozilla.org/show_bug.cgi?id=360493.
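
A site that accepts user-written HTML can audit it for the precondition described above (a form placed on the site's own pages) before publishing it. This is an added example, not code from Chapin's report or from Mozilla; the host names, the sample markup and the names `FormAudit`, `origin` and `audit_user_html` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a user-editable profile page and markup submitted to it.
SAMPLE_PAGE = "https://social.example/profile/alice"
SAMPLE_MARKUP = (
    '<form action="https://collector.example/save" method="post">'
    '<input type="text" name="u"><input type="password" name="p"></form>'
    '<form action="/search"><input name="q"></form>')

class FormAudit(HTMLParser):
    """Collect each <form> in user markup with its resolved action URL."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._open = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action posts back to the page itself.
            action = urljoin(self.page_url, (a.get("action") or "").strip())
            self._open = {"action": action, "password": False}
            self.forms.append(self._open)
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self._open is not None:
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def origin(url):
    p = urlsplit(url)
    return (p.scheme.lower(), (p.hostname or "").lower(), p.port)

def audit_user_html(markup, page_url):
    """Return a (verdict, action) pair for every form in the markup."""
    parser = FormAudit(page_url)
    parser.feed(markup)
    results = []
    for form in parser.forms:
        if origin(form["action"]) != origin(page_url):
            verdict = "reject: form posts to another origin"
        elif form["password"]:
            verdict = "reject: password field in user content"
        else:
            verdict = "review: form in user content"
        results.append((verdict, form["action"]))
    return results
```

The origin comparison is strict about ports, so an action that spells out a default port is rejected rather than passed.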