You are here: Known Vulnerabilities in Mozilla Products (Firefox 1.0.1) > MFSA 2005-19

Mozilla Foundation Security Advisory 2005-19

Title: Autocomplete data leak
Severity: Moderate
Risk: Moderate
Reporter: Matt Brubeck
Products: Firefox

Fixed in: Firefox 1.0.1

Description

As users downarrow through autocomplete choices each is copied in turn into the input control. A malicious site could create a page that autocompletes some common data (such as phone number or SSN) and potentially convince a user to arrow through the values. Script on the page could watch the values as they are added and copy them into a hidden field for submission to the site.

Workaround

Turn off the Form Fill feature.

References