Most Popular
| Top Stories | Commented | Featured |
ATI Radeon HD 5570 Review featured
Intel Core i5-based MacBook Pros coming soon?
AMD's six-core Thuban to have feature like Turbo Boost?
Google to launch Twitter-like service for Gmail
Intel unveils Itanium 9300 series enterprise processors
Netflix to roll out 1080p streaming later this year
TS Community
| User Gallery | Recent Discussion |
 LMAO by Adhmuz |  My Gaming Rig by Orionlocke |
 Quake 1 High Res by Tha General |  My New Beast by 1bellb |
TechSpot RSSIndustry News
Password vulnerability in Firefox 2.0.0.5?
A very short time after Mozilla released an update for Firefox to combat security issues brought about by IE, it seems they are already combating yet another flaw. The newly-discovered but not likely new flaw could potentially result in having a password stolen:
”...the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw.”
On top of Firefox, it seems that Safari is vulnerable in the same way. Being compromised in such a fashion requires certain things to be true, such as the site in question enabling JavaScript (and the site trying to steal your password to begin with). With JavaScript disabled, the flaw can't be exploited.
There is a demo of the flaw available in which you can check to see if you are vulnerable. It seems that some are questioning whether the “flaw” really is such, and whether it should be fixed at all, since certain pages could steal passwords with or without the built-in password manager's help.
”...the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw.”
On top of Firefox, it seems that Safari is vulnerable in the same way. Being compromised in such a fashion requires certain things to be true, such as the site in question enabling JavaScript (and the site trying to steal your password to begin with). With JavaScript disabled, the flaw can't be exploited.
There is a demo of the flaw available in which you can check to see if you are vulnerable. It seems that some are questioning whether the “flaw” really is such, and whether it should be fixed at all, since certain pages could steal passwords with or without the built-in password manager's help.
Related Stories
User Comments (1)
Post a comment| HarryW on July 24, 2007 7:14 PM | Install FireFox plugin "Secure Login 0.8.1.2"
(https://addons.mozilla.org/en-US/firefox/addon/4429). It
seems to protect the passwords
|
Featured Tech Content - Inside TechSpot
 ATI Radeon HD 5570 Review |  ATI Radeon HD 5450 Review |  TechSpot PC Buying Guide |  Effortless Ways to Download Video Content from YouTube and Other Sites |  ATI Radeon HD 5670 Review |