A bug discovered within Mozilla’s Firefox Web browser enables online scammers to more easily steal log-in and password information from Web surfers who use the browser to visit pages that enable users to build their own HTML forms, such as blogs and social networking sites like MySpace.com, the IDG News Service reports via PCWorld.com.The news comes from Robert Chapin, president of Chapin Information Services, who said the issue has to do with Firefox’s Password Manager software, according to the IDG News Service. Said software can be duped into sending the log-in and password information of Web surfers who visit compromised pages to attackers’ sites, the IDG News Service reports.The Password Manager software within Firefox does not perform adequate analysis in deciding whether to send off password information and doesn’t make sure the server to which it sends such material is the same one that originally requested it, Chapin said, according to the IDG News Service.The flaw was recently exploited as part of a phishing attack on MySpace users, according to the IDG News Service. In that instance, a MySpace account was created and registered under the name login_home_index_html to host a faux page that could steal users’ password information. The fake page was designed to send off such information to a separate website, and any users who visited it while employing Firefox could have fallen victim to the exploit, the IDG News Service reports. Developers of the Firefox browser have classified the flaw as critical, according to the IDG News Service.Chapin said users of Microsoft’s popular Internet Explorer (IE) browser are also at risk due to a similar flaw in that software; however, those users are less likely to fall victim to the scam than Firefox users because IE does a better job of making sure the log-in form submitted to it comes from the appropriate source and not a suspect server, according to the IDG News Service. Chapin’s description of the flaw—as well as a demonstration on how it works—is available here.Related Links: MySpace Users Targeted by Phishing Attacks (CSOonline.com) Mozilla-Funded Study: Firefox 2 Tops IE 7 in AntifraudCheck out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content feature Key IT initiatives reshape the CIO agenda While cloud, cybersecurity, and analytics remain top of mind for IT leaders, a shift toward delivering business value is altering how CIOs approach key priorities, pushing transformative projects to the next phase. By Mary Pratt May 30, 2023 10 mins IT Strategy IT Leadership opinion Managing IT right starts with rightsizing IT for value While there are few universals when it comes to saying unambiguously what ‘managing IT right’ looks like, knowing how to navigate the limitless possibilities of IT is surely one. By Thornton May May 30, 2023 6 mins Digital Transformation IT Strategy IT Leadership feature Red Hat embraces hybrid cloud for internal IT The maker of OpenShift has leveraged its own open container offering to migrate business-critical apps to AWS as part of a strategy to move beyond facilitating hybrid cloud for others and capitalize on the model for itself. By Paula Rooney May 29, 2023 5 mins CIO 100 Technology Industry Hybrid Cloud feature 10 most popular IT certifications for 2023 Certifications are a great way to show employers you have the right IT skills and specializations for the job. These 10 certs are the ones IT pros are most likely to pursue, according to data from Dice. By Sarah K. White May 26, 2023 8 mins Certifications Careers Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe