Critical Firefox vulnerability revealed

Password Manager Bug Exposes Passwords

Today, Mozilla publicly admitted that a bug (#360493) in Firefox’s Password Manager allows a malicious website to expose usernames and passwords saved from previously visited sites. Chapin Information Services have provided a proof-of-concept page where you can see the results for yourself.

This bug will likely initiate close scrutiny of the Password Manager in Firefox so I’m betting that other vulnerabilities may arise. Mozilla’s only recommended solution at this time is to not use the Password Manager. Slashdot have reported that this targets Firefox 2.0 only, but comments indicate that Firefox 1.5.0.8 is also affected – and I can confirm this is the case.

Posted by stuart

Filed under Breaking News, Firefox, Firefox 2.0
