I have already told you that the Password Manager in Firefox 2.0 has a critical flaw that enables the hackers to easily obtain your passwords.
Well, a security researcher Robert Chapin has found that a similar flaw is also present in Microsoft Internet Explorer 7. He has named the flaws as Reverse Cross Site Request Vulnerability (RCSR).
In case of Firefox 2.0 this vulnerability is more dangerous as it encrypts the username and password into another login page so if a hacker provides a fake login page the browser feeds the password and the username into that fake page that makes some easy tickets for the hacker.
In case of IE7 the problem is not as severe and it still checks the validity of the login form before it feeds the username and the password.
There is still no fix for the problem but experts have recommended disabling the Firefox Password Manager and installing the Master Password Timeout Extension.
Via: waleg
