On Dec 6, 4:02 pm, Justin Dolske <dol...@mozilla.com> wrote: > On 12/2/10 1:58 AM, thorsten wrote: > > > The Concept: > > > Simple explanation: If the user is about to send his password to a > > page he never visited before he is warned. > > Seems like this could be easily bypassed by a phishing page that uses JS > to listen for keypress events (as the password is typed). Or even, > depending on how/when you check, simple obfuscation of the submitted value. > > Justin
Bingo. That's why IE never shipped this feature. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
