[Full-disclosure] remember password manager..
security at xssed.com
Sun Mar 16 05:51:59 GMT 2008
Solution Status: Unpatched
The vulnerability is caused due to the Password Manager not properly
checking the URL before automatically filling in saved user credentials
into forms. This may be exploited to steal user credentials via malicious
forms in the same domain.
(or if the site has any xss)
And i can confirm it's still unfixed in 188.8.131.52.. do you guys keep saving
your passwords? :P
Full-Disclosure is hosted and sponsored by Secunia.