Firefox, IE have a serious

Both Microsoft and Mozilla browsers contain a security hole, allowing an attacker to steal user passwords with fake login pages.

The situation seems a bit more serious for Firefox, since this open source browser has a Password Manager feature, which automatically imports the username and password stored in the machine into the log-in page presented by the hacker.

After that, the data will be automatically sent to the attacker's computer without users' knowledge, the Chapin Information Services website said.

Source: CNET The first case of exploiting this vulnerability has appeared on MySpace.com virtual forum network, and according to Chapin, it can affect any blog or forum that users can interfere with content. . " Even when accessing reliable blog and forum websites, your information can still be stolen ."

According to security firm Netcraft, which discovered the incident on MySpace, the hacked login page created by hackers was stored in MySpace's own server. And since this login page doesn't have any suspicious signs such as displaying a link or redirect to another address, even the most cautious user can easily turn into a victim.

The attack came from a profile page and hackers used special HTML code to hide the real MySpace content, instead only displaying a fake login page.

According to Chapin, the likelihood of hacker success is huge because neither IE nor Firefox are designed to check the destination of login information, after the user types in.

Currently, this vulnerability has not been patched in both browsers. Security firm Secunia recommends that users turn off the "Remember site password" feature inside Firefox to limit the risk.

Trong Cam