LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > LinuxQuestions.org > Linux - News > Syndicated Linux News
User Name
Password
Syndicated Linux News This forum is for the discussion of Syndicated Linux News stories.

Notices

Reply
 
Search this Thread
Old 07-23-2007, 04:16 PM   #1
LXer
LXer NewsBot
 
Registered: Dec 2005
Posts: 73,378

Rep: Reputation: 82
LXer: Password vulnerability in Firefox 2.0.0.5


Published at LXer:

According to a message posted over the weekend on the Full-Disclosure mailing list, the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw.

Read More...
 
Old 07-23-2007, 04:35 PM   #2
easuter
Member
 
Registered: Dec 2005
Location: Portugal
Distribution: Slackware64 13.0, Slackware64 13.1
Posts: 537

Rep: Reputation: 62
Yep, thats why its nice to always have NoScript installed...
 
Old 07-23-2007, 04:41 PM   #3
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 117Reputation: 117
This "vulnerability" seems hugely out of proportion to me. It would have to be on a site to which you've already submitted credentials. It does not seem to be exploitable across sites, and does not reveal your entire password store. In other words, a site can get its own stored password.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Vulnerability found in Firefox extension, Google toolbar LXer Syndicated Linux News 0 06-06-2007 01:16 AM
LXer: This week at LWN: The Firefox password manager vulnerability LXer Syndicated Linux News 0 12-06-2006 12:21 PM
LXer: Firefox password manager is not secure LXer Syndicated Linux News 0 11-23-2006 07:21 AM
LXer: Cross platform javascript vulnerability leaves IE, Firefox open LXer Syndicated Linux News 0 06-08-2006 04:21 AM
Vulnerability in Firefox 1.0.4 / Mozilla 1.7.8 win32sux Linux - Security 24 09-09-2005 04:23 PM


All times are GMT -5. The time now is 01:54 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration