LXer: This week at LWN: The Firefox password manager vulnerability
Published at LXer:
A commonly used convenience feature in Firefox is the password manager (PM) which can keep track of username/password pairs for sites that one visits and fills in when a new login is required. Unfortunately, as a recent bug report shows, PM can be too helpful and provide that information to other sites, invisibly to the user. As of this writing, the underlying browser problem has not been fixed, though MySpace (where the problem was originally discovered in the wild) has changed its filtering of user-supplied HTML to avoid the problem.
|All times are GMT -5. The time now is 03:50 PM.|