On 12/2/10 1:58 AM, thorsten wrote:
The Concept:
Simple explanation: If the user is about to send his password to a
page he never visited before he is warned.
Seems like this could be easily bypassed by a phishing page that uses JS
to listen for keypress events (as the password is typed). Or even,
depending on how/when you check, simple obfuscation of the submitted value.
Justin
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security