Most Popular
| Top Stories | Commented | Featured |
Weekend Open Forum: Have you upgraded to Windows 7 yet? What is there to like/not? featured
Tech Tip of The Week: Turn Off your Display Using a Windows Shortcut and More featured
Netflix PS3 streaming arrives tomorrow
Dell's ultra-thin Adamo XPS to ship soon for $1,799
Windows 7 crushed Vista in early launch sales
Nvidia Tegra 2 to double performance, arrive next year?
TechSpot RSSInformation Technology
Password vulnerability in Firefox 2.0.0.5?
A very short time after Mozilla released an update for Firefox to combat security issues brought about by IE, it seems they are already combating yet another flaw. The newly-discovered but not likely new flaw could potentially result in having a password stolen:
”...the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw.”
On top of Firefox, it seems that Safari is vulnerable in the same way. Being compromised in such a fashion requires certain things to be true, such as the site in question enabling JavaScript (and the site trying to steal your password to begin with). With JavaScript disabled, the flaw can't be exploited.
There is a demo of the flaw available in which you can check to see if you are vulnerable. It seems that some are questioning whether the “flaw” really is such, and whether it should be fixed at all, since certain pages could steal passwords with or without the built-in password manager's help.
”...the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw.”
On top of Firefox, it seems that Safari is vulnerable in the same way. Being compromised in such a fashion requires certain things to be true, such as the site in question enabling JavaScript (and the site trying to steal your password to begin with). With JavaScript disabled, the flaw can't be exploited.
There is a demo of the flaw available in which you can check to see if you are vulnerable. It seems that some are questioning whether the “flaw” really is such, and whether it should be fixed at all, since certain pages could steal passwords with or without the built-in password manager's help.
Related Stories
User Comments (1)
Post a comment| HarryW on July 24, 2007 7:14 PM | Install FireFox plugin "Secure Login 0.8.1.2" (https://addons.mozilla.org/en-US/firefox/addon/4429). It seems to protect the passwords
|
