A flaw in Mozilla Firefox’s Password Manager allows the sending of password information to a remote user’s Web site. This attack scenario can only work on Web sites that allows the creation of HTML forms, such as blogs and social networking sites like MySpace.com.
Firefox’s developers rate this flaw as Critical and have observed that it results from Password Manager’s lack of steps in checking if it is sending password information to the correct server. More information about this vulnerability is detailed in Mozilla project’s Bugzilla database.