LinuxQuestions.org - LXer: Password vulnerability in Firefox 2.0.0.5

- Syndicated Linux News (https://www.linuxquestions.org/questions/syndicated-linux-news-67/)

- - LXer: Password vulnerability in Firefox 2.0.0.5 (https://www.linuxquestions.org/questions/syndicated-linux-news-67/lxer-password-vulnerability-in-firefox-2-0-0-5-a-571713/)

LXer	07-23-2007 04:16 PM

LXer: Password vulnerability in Firefox 2.0.0.5

Published at LXer:

According to a message posted over the weekend on the Full-Disclosure mailing list, the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw.

Read More...

easuter

07-23-2007 04:35 PM

Yep, thats why its nice to always have NoScript installed... :D

Matir

07-23-2007 04:41 PM

This "vulnerability" seems hugely out of proportion to me. It would have to be on a site to which you've already submitted credentials. It does not seem to be exploitable across sites, and does not reveal your entire password store. In other words, a site can get its own stored password.

All times are GMT -5. The time now is 08:12 PM.