Mozilla Foundation Security Advisory 2011-14

Information stealing via form history

Announced
April 28, 2011
Reporter
Paul Stone
Impact
Moderate
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 3.5.19
  • Firefox 3.6.17
  • SeaMonkey 2.0.14

Description

Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history.

Firefox 4 was not affected by this issue.

References