
Auto-complete discloses private data

Posted: Thu Jul 22, 2010 8:44 pm
by javaman97
I saw an article on The-H today, about the auto-complete feature being tricked into disclosing passwords and private data via hidden form fields. JavaScript is being used for this attack. I understand NoScript would prevent this attack on blacklisted sites. Does NoScript provide protection against this type of attack, even on sites that I allow?

http://www.h-online.com/security/news/i ... 43122.html

Re: Auto-complete discloses private data

Posted: Thu Jul 22, 2010 9:02 pm
by Giorgio Maone
The most serious bug described in that article affects Safari, which allows any site to guess your previously entered text box values.

Firefox, like any other browser, can be a victim of autocomplete (especially password-stealing) attacks on the very web site where these passwords are meant to be used.
To mount an attack, the malicious party must exploit an XSS vulnerability, in order to run attacker-controlled JavaScript on the trusted website.
Fortunately NoScript DOES prevent XSS attacks from succeeding, so yes, if you're a NoScript user you're protected everywhere.
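The attack chain described in the reply above (attacker script on the trusted origin plants credential fields the user never sees, then reads whatever the browser autofills into them) can be checked for from the page side. The following is an added example, not code from the thread or from NoScript: a client-side audit that lists credential inputs which are present in the DOM but not visible to the user. The descriptor shape, the helper names and the `CREDENTIAL_NAME_RE` heuristic are this example's own assumptions; the sample descriptors at the bottom are constructed so the logic runs outside a browser.

```javascript
// Added example: flag credential inputs a password manager could fill
// without the user ever seeing them (a pattern XSS-planted forms rely on).

// Heuristic for "this field looks like it holds a credential" (assumption).
const CREDENTIAL_NAME_RE = /user|login|email|pass|pwd/i;

// Browser-only helper: turn live <input> elements into plain descriptors.
// Hypothetical; call as collectInputDescriptors(document, window).
function collectInputDescriptors(doc, win) {
  return Array.from(doc.querySelectorAll('input')).map((el) => {
    const cs = win.getComputedStyle(el);
    const r = el.getBoundingClientRect();
    return {
      type: el.type,
      name: el.name,
      autocomplete: el.getAttribute('autocomplete'),
      display: cs.display,
      visibility: cs.visibility,
      opacity: Number(cs.opacity),
      rect: { x: r.x, y: r.y, width: r.width, height: r.height },
      viewport: { width: win.innerWidth, height: win.innerHeight },
    };
  });
}

// An input is "invisible" if it is not rendered, transparent, zero-sized,
// an <input type=hidden>, or positioned entirely outside the viewport.
function isInvisible(d) {
  if (d.type === 'hidden') return true;
  if (d.display === 'none' || d.visibility === 'hidden' || d.opacity === 0) return true;
  const { x, y, width, height } = d.rect;
  if (width === 0 || height === 0) return true;
  const { width: vw, height: vh } = d.viewport;
  return x + width <= 0 || y + height <= 0 || x >= vw || y >= vh;
}

// Password fields, or text fields whose name/autocomplete hint at credentials.
function isCredentialInput(d) {
  if (d.type === 'password') return true;
  if (d.autocomplete && /password|username/i.test(d.autocomplete)) return true;
  return CREDENTIAL_NAME_RE.test(d.name || '');
}

// Returns the descriptors of credential inputs the user cannot see.
function findHiddenCredentialInputs(descriptors) {
  return descriptors.filter((d) => isCredentialInput(d) && isInvisible(d));
}

// Constructed sample: one legitimate login field, one injected off-screen
// password field, one display:none username field, one harmless hidden field.
const VIEWPORT = { width: 1280, height: 800 };
const SAMPLE_INPUTS = [
  { type: 'password', name: 'password', autocomplete: 'current-password', display: 'block',
    visibility: 'visible', opacity: 1, rect: { x: 100, y: 200, width: 200, height: 30 }, viewport: VIEWPORT },
  { type: 'password', name: 'pw', autocomplete: null, display: 'block',
    visibility: 'visible', opacity: 1, rect: { x: -9999, y: 0, width: 200, height: 30 }, viewport: VIEWPORT },
  { type: 'text', name: 'username', autocomplete: null, display: 'none',
    visibility: 'visible', opacity: 1, rect: { x: 0, y: 0, width: 0, height: 0 }, viewport: VIEWPORT },
  { type: 'text', name: 'comment', autocomplete: null, display: 'none',
    visibility: 'visible', opacity: 1, rect: { x: 0, y: 0, width: 0, height: 0 }, viewport: VIEWPORT },
];

// Names of the sample inputs the audit flags.
function flaggedNamesInSample() {
  return findHiddenCredentialInputs(SAMPLE_INPUTS).map((d) => d.name);
}

console.log('Hidden credential inputs:', flaggedNamesInSample());
```

Running the audit after page load (and again on DOM mutations) catches a planted form only after the script injection has already happened; it is a detection aid, not a fix. The reply's point stands: the real mitigation is to keep attacker JavaScript off the origin in the first place, whether by fixing the XSS or by a filter such as NoScript's.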