Firefox 2 and Microsoft's Internet Explorer 7 web browsers are vulnerable to a flaw that could allow attackers to steal passwords it has been found.
Called the Reverse Cross Site Request vulnerability (RCSR) by its discoverer Robert Chapin, the flaw allows attackers to get users passwords and usernames by presenting them with a fake login form.
Firefox Password Manager will automatically enter any saved passwords and usernames into the form which it seems is part of the problem.
The Password Manager component of Firefox can be exploited to send a username and password combination to an attacker's computer without the user's knowledge.
"This may be a new breed of phishing attack unique to websites with user-contributed HTML", said Chapin on a Mozilla bug reporting site.
According to Chapin, "Users of both Firefox and Internet Explorer need to be aware that their information can be stolen in this way when visiting blog and forum websites at trusted addresses".
According to Chapin, Microsoft already knows about the issue and is "aware of the issue".
Before you resist from using the Internet at all, for the attack to work the user to follow a malicious link or form button.
"Webmasters have little recourse against stopping the attacks from happening. The only effective measure would be to remove all