Right at the moment a user visits a website, even if they’ve never been there before or entered any personal information, a malicious website can uncover their first name, last name, work place, city, state, and email address. v4 & v5, with a combined market browser share of 4% (~83 million users), has a feature (Preferences > AutoFill > AutoFill web forms) enabled by default. Essentially we are hacking auto-complete functionality. This feature AutoFill’s HTML form text fields that have specific attribute names such as name, company, city, state, country, email, etc.

7c8ae8fd23 350x100 I know who your name, where you work, and live

Original post:
I know who your name, where you work, and live (Safari v4 & v5)