A bug discovered within Mozilla’s Firefox Web browser enables online scammers to more easily steal log-in and password information from Web surfers who use the browser to visit pages that enable users to build their own HTML forms, such as blogs and social networking sites like MySpace.com, the IDG News Service reports via PCWorld.com.

The news comes from Robert Chapin, president of Chapin Information Services, who said the issue has to do with Firefox’s Password Manager software, according to the IDG News Service. Said software can be duped into sending the log-in and password information of Web surfers who visit compromised pages to attackers’ sites, the IDG News Service reports.

The Password Manager software within Firefox does not perform adequate analysis in deciding whether to send off password information and doesn’t make sure the server to which it sends such material is the same one that originally requested it, Chapin said, according to the IDG News Service.

The flaw was recently exploited as part of a phishing attack on MySpace users, according to the IDG News Service. In that instance, a MySpace account was created and registered under the name login_home_index_html to host a faux page that could steal users’ password information. The fake page was designed to send off such information to a separate website, and any users who visited it while employing Firefox could have fallen victim to the exploit, the IDG News Service reports. Developers of the Firefox browser have classified the flaw as critical, according to the IDG News Service.

Chapin said users of Microsoft’s popular Internet Explorer (IE) browser are also at risk due to a similar flaw in that software; however, those users are less likely to fall victim to the scam than Firefox users because IE does a better job of making sure the log-in form submitted to it comes from the appropriate source and not a suspect server, according to the IDG News Service.
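The missing check Chapin describes, that a log-in form should submit to the same server that served the page, can also be audited by a site that hosts user-built HTML. The following is an added example, not code from the article, from Chapin's demonstration or from Firefox; the function names and the `social.example`, `collector.example` and `search.example` hosts are hypothetical, and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """(scheme, host, port) of a URL, with the default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return (scheme, (parts.hostname or "").lower(),
            parts.port or DEFAULT_PORTS.get(scheme))

class LoginFormAuditor(HTMLParser):
    """Record the resolved action URL of each form that holds a password field."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.action = None        # action of the form currently open, if any
        self.recorded = False     # True once the open form has been recorded
        self.login_actions = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page itself.
            self.action = urljoin(self.page_url, attr.get("action") or "")
            self.recorded = False
        elif tag == "input" and self.action is not None and not self.recorded:
            if (attr.get("type") or "").lower() == "password":
                self.login_actions.append(self.action)
                self.recorded = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = None

def cross_origin_login_forms(page_url, html):
    """Action URLs of password forms that submit to an origin other than the page's."""
    auditor = LoginFormAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    page = origin(page_url)
    return [url for url in auditor.login_actions if origin(url) != page]

# Constructed sample: a user-built profile page on a hypothetical social site.
SAMPLE_URL = "http://social.example/profile/123"
SAMPLE_HTML = """
<form action="/login" method="post"><input name="u"><input type="password" name="p"></form>
<form action="http://collector.example/save"><input type=PASSWORD name="p"></form>
<form action="http://search.example/q"><input type="text" name="q"></form>
"""
```

Only the second form is reported: the first submits to the hosting site itself and the third has no password field.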
Chapin’s description of the flaw—as well as a demonstration on how it works—is available here.

-Compiled by Al Sacco