Firefox 2.0 Password bug

Rob Williams

Today, Mozilla made public bug #360493, which exposes Firefox's Password Manager on many public sites. The flaw derives from Firefox's willingness to supply the username and password stored on one page on a domain to another page on a domain. For example, username/password input tags on a Myspace user's site will be unhelpfully propagated with the visitor's Myspace.com credentials. It was first discovered in the wild by Netcraft on Oct. 27.

http://it.slashdot.org/it/06/11/21/2319243.shtml

It's hard to believe that a bug like this was not caught during testing... it's a rather serious one. I know that nobody here is childish enough to use Myspace, but that's the main target. If your friends happen to use Myspace and 2.0, tell them to be careful. There appear to be lists of usernames/passwords floating around already.
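The matching behaviour described in the quoted summary, as an added example that is not part of the original post and is not Firefox's Password Manager code: a host-only autofill rule next to a stricter one that also checks where the form submits. The record layout, function names and example.com / collector.invalid URLs are constructed for illustration, and the stricter rule is an assumption about a reasonable mitigation, not a description of Mozilla's fix.

```javascript
// Constructed sample record: what a password manager might keep per saved login.
const savedLogin = {
  pageOrigin: "https://login.example.com",   // origin of the page where it was saved
  submitOrigin: "https://login.example.com", // origin the login form posted to
  username: "alice",
};

// Weak rule, as the post describes the flaw: any page on the saved
// site receives the stored credentials, whatever the form does with them.
function shouldAutofillWeak(login, pageUrl) {
  return new URL(pageUrl).origin === login.pageOrigin;
}

// Stricter rule (assumed mitigation): the page must match AND the form's
// action must resolve to the origin recorded when the login was saved.
function shouldAutofillStrict(login, pageUrl, formAction) {
  let page, target;
  try {
    page = new URL(pageUrl);
    // An empty or missing action submits back to the page itself;
    // relative actions are resolved against the page URL.
    target = new URL(formAction || pageUrl, pageUrl);
  } catch {
    return false; // unparseable URL: refuse to fill
  }
  if (page.origin !== login.pageOrigin) return false;
  return target.origin === login.submitOrigin;
}

// Constructed scenario: a user-editable profile page on the same site
// carrying a login form whose action points at a different origin.
const profilePage = "https://login.example.com/profiles/user123";
const foreignAction = "https://collector.invalid/save";

console.log("weak rule fills:  ", shouldAutofillWeak(savedLogin, profilePage));
console.log("strict rule fills:", shouldAutofillStrict(savedLogin, profilePage, foreignAction));
console.log("strict, own form: ", shouldAutofillStrict(savedLogin, profilePage, "/signin"));
```

The stricter rule only covers the form's submit target; a page that lets users add script to the same origin can still read a filled field, so it does not replace restricting user-supplied markup.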