Google's anti-phishing plugin leaked passwords
Hard to believe but Google's anti phishing plugin for Firefox leaks both e-mail addresses and passwords. The flaw lies in how Google generates its blasklist of phish websites. When a phish website is submitted to Google's server, embedded within the URL are e-mail addresses and passwords. Since this list is public, anyone can view the addresses and password. The flaw was discovered by web security provider Finjan Inc. The company quickly contacted Google about the flaw. Google has since fixed the problem.