Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2005-19

Autocomplete data leak

Announced
February 24, 2005
Reporter
Matt Brubeck
Risk
Moderate
Impact
Moderate
Products
Firefox
Fixed in
  • Firefox 1.0.1

Description

As users downarrow through autocomplete choices each is copied in turn into the input control. A malicious site could create a page that autocompletes some common data (such as phone number or SSN) and potentially convince a user to arrow through the values. Script on the page could watch the values as they are added and copy them into a hidden field for submission to the site.

Workaround

Turn off the Form Fill feature.

References