IE and Safari lets attackers steal user names and addresses
Found on The Register on Monday, 19 July 2010
Among the most serious is a vulnerability in Apple's Safari and earlier versions of Microsoft's IE that exposes names, email addresses, and other sensitive information when a user visits a booby-trapped website. The attack exploits the browsers' autocomplete feature used to automatically enter commonly typed text into websites.
Grossman's research take those findings to new highs. In addition to the weaknesses in IE and Safari, he has uncovered flaws in Mozilla Firefox and Google Chrome that can expose passwords stored by the browsers.
Auto-completition is one of the first things being disabled in any browser setup. I've never considered that a good option from a security point of view. People try their best to have good passwords (except for a few) but at the same time let their browser save them; possibly even uncencrypted, defeating the whole purpose.