Heise Security has a demonstration of the vulnerability on its website to allow users to determine whether they are vulnerable to the attack.
However, some developers and commentators have questioned whether this constitutes a vulnerability in the browser, as it requires the attacker to place malicious code on the web server.
If an attacker can place script code on a server, they would be able to manipulate the pages anyway, and would have other ways to steal user access data.
Password flaw hits Firefox and Safari
By Staff Writers on Jul 26, 2007 6:55AM