Related information

Mozilla Firefox / Seamonkey multiple security vulnerabilities

Context IS Advisory - Autocomplete Data Theft in Mozilla Firefox

iDefense Security Advisory 10.28.09: Mozilla Firefox GIF Color Map Parsing Buffer Overflow Vulnerability

Secunia Research: Mozilla Firefox Floating Point Memory Allocation Vulnerability

Mozilla Firefox 3.5.3 Local Download Manager Exploit

From:	MOZILLA
Date:	28.10.2009
Subject:	Mozilla Foundation Security Advisory 2009-52

Mozilla Foundation Security Advisory 2009-52

Title: Form history vulnerable to stealing
Impact: Moderate
Announced: October 27, 2009
Reporter: Paul Stone
Products: Firefox

Fixed in: Firefox 3.5.4
 Firefox 3.0.15
Description

Security researcher Paul Stone reported that a user's form history, both from web content as well as the smart location bar, was vulnerable to theft. A malicious web page could synthesize events such as mouse focus and key presses on behalf of the victim and trick the browser into auto-filling the form fields with history entries and then reading the entries.
References

   * https://bugzilla.mozilla.org/show_bug.cgi?id=511615
   * CVE-2009-3370