LXer: Password vulnerability in Firefox 2.0.0.5
Published at LXer:
According to a message posted over the weekend on the Full-Disclosure mailing list, the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw. Read More... |
Yep, thats why its nice to always have NoScript installed... :D
|
This "vulnerability" seems hugely out of proportion to me. It would have to be on a site to which you've already submitted credentials. It does not seem to be exploitable across sites, and does not reveal your entire password store. In other words, a site can get its own stored password.
|
All times are GMT -5. The time now is 08:12 PM. |