You are here: Known Vulnerabilities in Mozilla Products (Firefox 1.0.1) > MFSA 2005-19
Mozilla Foundation Security Advisory 2005-19
Title: Autocomplete data leak
Reporter: Matt Brubeck
Fixed in: Firefox 1.0.1
As users downarrow through autocomplete choices each is copied in turn into the input control. A malicious site could create a page that autocompletes some common data (such as phone number or SSN) and potentially convince a user to arrow through the values. Script on the page could watch the values as they are added and copy them into a hidden field for submission to the site.
Turn off the Form Fill feature.