MySpace faces Firefox risk


MySpace faces Firefox risk

Firefox’s browser is making it possible for cybercriminals to steal user information on websites where users create their own pages, according to some security researchers.

Firefox’s Password Manager software can be tricked into sending password information to an attacker’s website and creating forms. The problem could affect blogging and social networking sites such as

The attack has already been used in one MySpace phishing attack reported in late October. In that attack, users registered a MySpace account named login_home_index_html and used it to host a fake log-in page that exploited the flaw.

This page sent MySpace username and password information to another website; and MySpace users who visited the page using Firefox could have had their information compromised. Firefox developers have already labelled the bug as critical, according to the project’s Bugzilla database.

The flaw arises because Firefox’s Password Manager does not perform a thorough enough check when it is deciding whether to send password information. Furthermore, it does not then ensure that password information is being sent to the server that requested it.

As soon as a site becomes popular, you can bet someone will want to find a way to attack it. You can expect more attacks on MySpace in future, with browser insecurity being just one method. Expect them to have a motive of financial gain too.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy