Enhanced spell-check may be a security risk

Thanks to a report in Security Now! and a cyber security company called Otto, attention has been draw to a couple of potential security risks in browsers relating to spell-checkers.

If you have enabled enhanced spell-checking (this can also be set as a default), then everything on a web form may be submitted as clear text to the host of the spelling service, e.g. Google in the case of Firefox. Now if you have clicked on ‘show password’ at the time then the password (plus other related data) will be sent in clear text over the internet. This may not be the end of the world, but it’s certainly not good practice.

You can find out more and see some mitigation strategies at https://www.grc.com/sn/sn-889-notes.pdf