Mozilla fixed a similar reverse cross-site scripting flaw in Firefox last November, but this was a lot more serious as it did not require JavaScript to be enabled.
Heise Security has a demonstration of the vulnerability on its website to allow users to determine whether they are vulnerable to the attack.
However, some developers and commentators have questioned whether this constitutes a vulnerability in the browser, as it requires the attacker to place malicious code on the web server.
If an attacker can place script code on a server, they would be able to manipulate the pages anyway, and would have other ways to steal user access data.
Until a fix is released, users are urged to disable JavaScript in their browser or avoid the use of the password manager on sites where users are allowed to post JavaScript pages.
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
Digital NSW 2025 Showcase
_(1).jpg&h=140&w=231&c=1&s=0)
