24 November 2006 | 05:52 AM America/Los_Angeles

11.25.06: Security flaw in Firefox 2 as browser battle heats up


With the upcoming release of Vista and IE7, Microsoft is putting Mozilla on notice that it will go through the open source program with a fine-tooth comb looking for security flaws. Robert Chapin, an independent IT consultant and Microsoft-certified systems engineer, found a good one today. Firefox is susceptible to a hack - the reverse cross-site request - that reveals a user's stored passwords, NewsFactor reports.

On sites that allow users to enter HTML into a form, a hacked form can trick Firefox into sending its stored usernames and passwords. Because the site would be otherwise trustworthy, the antiphishing mechanism won't kick in - and because the form can be invisible, it would be impossible to visually identify a compromised site.

It's a thin line of distinction for Microsoft, though, because Redmond admits IE is also susceptible to RCSRs, but Firefox's method of storing passwords makes it a more likely target. Concerned? Turn off password autosave (Tools/Options menu).