Submitted by: kirkland on Saturday November 25th, 2006 at 05:43 PM EST

Frequent visitors to blogs and Internet forums may be particularly at risk of identity theft due to an exploit that prompts the Firefox and Internet Explorer password managers to give away their protected information. Both Mozilla and Microsoft have acknowledged the problem and are working on fixes.

A software security researcher has warned that the password manager features of Mozilla's open source Firefox 2.0 and Microsoft's Internet Explorer (IE) Web browsers could be exploited, placing unsuspecting users at risk.

Users of Firefox or Explorer, both of which may be vulnerable to the attack known as "Reverse Cross Site Request" (RCSR), are not fooled directly by the password theft exploit. Instead, it provides a fake login site that fools a browser's saved password feature into automatically providing the information, Robert Chapin, president of Chapin Information Services, reported.

Both Microsoft and Mozilla acknowledged the issue, with the former referring to an investigation, and the latter, which has a bug report on the issue, advising users to turn off the password manager in Firefox until it is fixed.

» Full story @ Tech News World