Red Hat Bugzilla – Bug 149934
CAN-2005-0589 Autocomplete data leak
Last modified: 2007-11-30 17:07:16 EST
As users down-arrow through autocomplete choices, each is copied in turn into the
input control. A malicious site could create a page that autocompletes some
common data (such as phone number or SSN) and potentially convince a user to
arrow through the values. Script on the page could watch the values as they are
added and copy them into a hidden field for submission to the site.

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.