hiredhacker.com

Mozilla marked Bug ID 413250 as ‘RESOLVED FIXED’ on Tuesday. I got a chance to check out the fix today, and found that the fix is inadequate in stopping the attack. Here’s another demo that reads your session store, and like before, uses the Download Statusbar extension.

steal_sessionstore2.html.