Most of us don’t think twice before saving sensitive information in our browser’s auto-fill database. After all, browsers are desktop applications that reside on our system. So, any data we store in our browser should remain private, right? Wrong.
Jeremiah Grossman, CTO of WhiteHat Security, has managed to uncover security holes in each of the major browsers that can be exploited by booby-trapped websites to gain access to sensitive information.
Internet Explorer 6 and 7 can also be exploited in a similar fashion. However, Internet Explorer 8 appears to be safe for the moment. If you are using any of the affected browsers, it’s highly recommended that you disable the built-in AutoFill functionality for the time being.
The Register is also reporting that Grossman has discovered critical XSS (cross-site scripting) vulnerabilities in Firefox and Chrome, which can be exploited to gain access to stored website passwords. Grossman is expected to reveal more at the Black Hat Security Conference, which is going to be held next week.