Most Popular
| Top Stories | Commented | Featured |
Weekend Open Forum: Google Chrome OS and the future of cloud computing featured
Tech Tip of the Week: Unearth Region-Specific Windows 7 Themes featured
Google previews its upcoming Chrome OS
Mozilla reveals 2008 revenue, rumors say Firefox coming to PS3
Sony: PlayStation 3 to be 3D-capable via firmware update
Xbox Live bans prompt class action lawsuit
TS Community
| User Gallery | Recent Discussion |
 my new ram by bigspud200 |  Breidamerkurlon by Sivert |
 good ol simpsons by jtickner1 |  Videos Playback by tipstir |
TechSpot RSSInformation Technology
Password vulnerability in Firefox 2.0.0.5?
A very short time after Mozilla released an update for Firefox to combat security issues brought about by IE, it seems they are already combating yet another flaw. The newly-discovered but not likely new flaw could potentially result in having a password stolen:
”...the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw.”
On top of Firefox, it seems that Safari is vulnerable in the same way. Being compromised in such a fashion requires certain things to be true, such as the site in question enabling JavaScript (and the site trying to steal your password to begin with). With JavaScript disabled, the flaw can't be exploited.
There is a demo of the flaw available in which you can check to see if you are vulnerable. It seems that some are questioning whether the “flaw” really is such, and whether it should be fixed at all, since certain pages could steal passwords with or without the built-in password manager's help.
”...the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw.”
On top of Firefox, it seems that Safari is vulnerable in the same way. Being compromised in such a fashion requires certain things to be true, such as the site in question enabling JavaScript (and the site trying to steal your password to begin with). With JavaScript disabled, the flaw can't be exploited.
There is a demo of the flaw available in which you can check to see if you are vulnerable. It seems that some are questioning whether the “flaw” really is such, and whether it should be fixed at all, since certain pages could steal passwords with or without the built-in password manager's help.
Related Stories
User Comments (1)
Post a comment| HarryW on July 24, 2007 7:14 PM | Install FireFox plugin "Secure Login 0.8.1.2" (https://addons.mozilla.org/en-US/firefox/addon/4429). It seems to protect the passwords
|
