My complete “Breaking Browsers: Hacking Auto-Complete” slide deck is available. I’ve put up a series of blog posts describing each of the distinct Web hacking techniques complete with proof-of-concept code, screen shots, videos, and technical explanations. Enjoy!
- Safari v4/v5 AutoFill Web form vulnerability (CVE-ID: CVE-2010-1796)
- Internet Explorer 6 & 7 stealing AutoComplete form data
- Firefox mass spoofing form auto-complete data
- Stealing passwords out of the Firefox and Chrome password manager using XSS.
- Cookie Eviction - Deleting ALL of a users cookies across ALL websites
Other closely related Auto-Complete / AutoFill bugs: