TechTarget

MySpace faces Firefox risk

Firefox’s browser is making it possible for cybercriminals to steal user information on websites where users create their own pages, according to some security researchers.

Firefox’s browser is making it possible for cybercriminals to steal user information on websites where users create their own pages, according to some security researchers.

Firefox’s Password Manager software can be tricked into sending password information to an attacker’s website and creating forms. The problem could affect blogging and social networking sites such as MySpace.com.

The attack has already been used in one MySpace phishing attack reported in late October. In that attack, users registered a MySpace account named login_home_index_html and used it to host a fake log-in page that exploited the flaw.

This page sent MySpace username and password information to another website; and MySpace users who visited the page using Firefox could have had their information compromised. Firefox developers have already labelled the bug as critical, according to the project’s Bugzilla database.

The flaw arises because Firefox’s Password Manager does not perform a thorough enough check when it is deciding whether to send password information. Furthermore, it does not then ensure that password information is being sent to the server that requested it.

As soon as a site becomes popular, you can bet someone will want to find a way to attack it. You can expect more attacks on MySpace in future, with browser insecurity being just one method. Expect them to have a motive of financial gain too.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close