Your Password Manager Might Be Ratting You Out Automatically

A very serious security flaw in Firefox Password Manager has been discovered. It may also be a problem, though less severe, in Internet Explorer.

Dubbed a reverse cross-site request, or RCSR, vulnerability by its discoverer, Robert Chapin, the flaw lets hackers compromise users' passwords and usernames by presenting them with a fake login form. Firefox Password Manager will automatically enter any saved passwords and usernames into the form. The data is then automatically sent to an attacker's computer without the user's knowledge, according to the Chapin Information Services site.

Your friends here at HotHardware suggest that you disable your Password Manager if you're using Firefox or Internet Explorer, until they come up with a patch for the problem. Or of course you can just go out Christmas Shopping today, max out all your credit cards and empty your bank accounts, and leave nothing for cyberthieves to steal anyway.

Read the whole thing here.