Both the Mozilla Foundation's Firefox 2 and Microsoft's Internet Explorer 7 web browsers are vulnerable to a flaw that could allow attackers to steal passwords.
Dubbed a Reverse Cross Site Request vulnerability (RCSR) by its discoverer Robert Chapin, the flaw allows hackers to compromise users' passwords and usernames by presenting them with a fake login form. Firefox Password Manager will automatically enter any saved passwords and usernames into the form.
The data is then automatically sent to an attacker's computer without the user's knowledge, according to the Chapin Information Services (CIS) site.
http://www.linuxlinks.com/portal/news/article.php?story=20061122133157191