http://secunia.com/advisories/23046/
Solution Status: Unpatched The vulnerability is caused due to the Password Manager not properly checking the URL before automatically filling in saved user credentials into forms. This may be exploited to steal user credentials via malicious forms in the same domain. (or if the site has any xss) And i can confirm it's still unfixed in 2.0.0.12.. do you guys keep saving your passwords? :P Kevin _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
