FIXED in 3.5.4/3.0.0.15: Autocomplete Data Theft in Firefox
Links: home · search · speed test · login · more ·
Links: Reply New Topic
Forums » Security » Security » FIXED in 3.5.4/3.0.0.15: Autocomplete Data Theft in Firefox
SUMware @ 5th Nov 10:12AM:
FIXED in 3.5.4/3.0.0.15: Autocomplete Data Theft in Firefox
I posted this so that 'nobody' else would need to. ;-)
From SecurityFocus
4 November 2009
Description:
------------
A malicious web page can extract out all the data stored within the autocomplete history of a user's Firefox browser. The web page must convince a user to hold down the left or right-arrow keys then the contents of the autocomplete popup can be read. This may includes the search history box within the browser, or other personal details.
However, it was not possible for synthetic events to cause the text field to be filled with the current entry. Therefore some user interaction is required to enable the web page to steal the contents of the drop-down. If a web page can convince a user to hold down or repeatedly press the left or right-arrow keys, it can systematically grab each entry in the drop-down box.
Resolution
----------
Mozilla fixed this issue in the 3.5.4 and 3.0.0.15 releases of Firefox:
»www.mozilla.org/security/announc···-52.html
Technologies Affected
---------------------
Mozilla Firefox 3.5.3 and below
Mozilla Firefox 3.0.0.14 and below
CVE
---
This issue has been assigned CVE number CVE-2009-3370.
reply
La Luna @ 5th Nov 10:22AM:
Re: FIXED: Autocomplete Data Theft in Mozilla Firefox
Thank you for posting this before you-know-who. :D
Thanks for the info, INCLUDING the important part.......the fact that the issue has been fixed.
reply
PrntRhd @ 5th Nov 10:32AM:
Re: FIXED: Autocomplete Data Theft in Mozilla Firefox
said by La Luna :
Thank you for posting this before you-know-who. :D
Thanks for the info, INCLUDING the important part.......the fact that the issue has been fixed.
That never stopped you-know-who before, who might still post it as current.
reply
Boricua65 @ 5th Nov 10:34AM:
Re: FIXED in 3.5.4/3.0.0.15: Autocomplete Data Theft in Firefox
So is it fair to say since I haven't "press the left- or right-arrow keys" then I should be okay? My saved username and passwords comes up automatically (except for sites that doesn't allow it) and I just click on the log in link.
--
Illegal aliens have always been a problem in the United States. Ask any Indian. Robert Orben
reply
ironwalker @ 5th Nov 12:25PM:
Re: FIXED in 3.5.4/3.0.0.15: Autocomplete Data Theft in Firefox
Will auto complete being off matter?
No saved passwords or a password manager?
0 set for saved history?
I think I am good.
reply
tempnexus @ 5th Nov 12:39PM:
Re: FIXED: Autocomplete Data Theft in Mozilla Firefox
said by PrntRhd :said by La Luna :
Thank you for posting this before you-know-who. :D
Thanks for the info, INCLUDING the important part.......the fact that the issue has been fixed.
That never stopped you-know-who before, who might still post it as current.
Neah Voldermort will post in about 5 days as current. Just enough time for this thread to get down to 2nd page.
thank god I have Voldemort blocked so I never see his posts.
reply
Doctor Four @ 5th Nov 03:44PM:
Re: FIXED in 3.5.4/3.0.0.15: Autocomplete Data Theft in Firefox
Actually, I think his name here begins with "m" and ends with "a", and has 7 letters in it. :D
reply
quatrix @ 5th Nov 05:50PM:
Re: FIXED in 3.5.4/3.0.0.15: Autocomplete Data Theft in Firefox
said by SUMware :
I posted this so that 'nobody' else would need to. ;-)
Nobody needed to in the first place. Should I report what issues are fixed in XP SP3?
reply
SUMware @ 5th Nov 05:53PM:
Re: FIXED in 3.5.4/3.0.0.15: Autocomplete Data Theft in Firefox
said by quatrix :
Should I report what issues are fixed in XP SP3?
Do as you wish... :D
reply
tempnexus @ 6th Nov 06:46PM:
Re: FIXED in 3.5.4/3.0.0.15: Autocomplete Data Theft in Firefox
I am well aware of his name.
In my book he is "the one who shall not be named" aka voldemort. :)
reply
Its a Secret @ 6th Nov 07:01PM:
Re: FIXED: Autocomplete Data Theft in Mozilla Firefox
said by La Luna :
Thank you for posting this before you-know-who. :D
Oh, you mean, He-who-must-not-be-named? :D
said by tempnexus :
I am well aware of his name.
In my book he is "the one who shall not be named" aka voldemort. :)
Arggh! You said it!
Hail Mary, full of Grace...
reply
La Luna @ 6th Nov 09:01PM:
Re: FIXED in 3.5.4/3.0.0.15: Autocomplete Data Theft in Firefox
said by quatrix :said by SUMware :
I posted this so that 'nobody' else would need to. ;-)
Nobody needed to in the first place. Should I report what issues are fixed in XP SP3?
I think you missed the point of the reference to nobody and why it's important to note that the issue has been fixed.
--
You can chain my body to the earth, but still my spirit flies!
KEEP THE GOVERNMENT OUT OF HEALTHCARE
14,340 DEADLY TERROR ATTACKS SINCE 9/11
reply
Thank you for using lo-fi dslreports.com - report bugs
© 99-2009 silver matrix LLC