Holes Remain Open in Firefox Password Manager
juct writes "Although the Mozilla developers have fixed a known hole in the password manager of Firefox & Co, a door remains open for exploitation. According to an article on the heise site, hackers can still use JavaScript to steal passwords from users of the Mozilla, Firefox, and Safari browsers. However, the real problem might not be Firefox' password manager. If users can set up their own pages containing script code on a server, the JavaScript security model breaks. Heise Security demonstrates the possible password theft in a demo. 'From the users' perspective, this means that they should not entrust their passwords to the password manager on web sites that allow other users to create their own pages containing scripts. Otherwise somebody can easily create a page that steals the password as soon as the page is opened ... Users could also disable JavaScript or use add-ons such as NoScript to set up rules to provide additional protection. In the age of Web 2.0 this would, however, mean that many pages would cease to function. On the other hand it is doubtful that by not using a password manager security levels would be raised, since the resultant need to remember passwords often induces users to choose simplistic passwords and use them on multiple sites.'"
Get the Firefox patch here
I've really never seen much reason to install a second, superfluous, browser on my system. Sure, it had tabs, BFD. And now that IE7 is using tabs, it's still not that big a deal.
But really, from a security standpoint, the fewer applications you have installed, the more secure your system is. It's called decreasing your attack surface. And really, given the bloatware reputation of Firefox, they really aren't the bastion of secure computing the FOSSie FUD tries making them out to be.
FOSSies still can't even make teh Lunix secure: heck, they can't even get it to work as well as Windows 95. What on earth makes them think they can make Firefox secure? THAT is the real reason the FOSSies are so desperate for Microsoft to release the Windows source code: the FOSSies have no idea how to implement something as important and complicated (and reliable) as "Plug and Play".
Now personally, I don't really have anything important on my home PC, but I still wouldn't trust my security to Firefox. Why bother? Why risk it? Mozilla already lost once in the marketplace of ideas to Microsoft: Netscape may have been the worst, buggiest browser ever made. People literally ran screaming into Microsoft's arms, crying for joy after switching to IE 3.02 (and saving $50 in the process).
It's just a browser, people. Get a grip. It just opens web pages. This is like the other "software as statement of lifestyle" opinions, like the lusers of OS X and Lunix constantly spew. Nobody cares what software you use, and you aren't getting all up in our collective grills by using teh Lunix. You are just gimping yourself and your career... which actually makes other people happy. One less person to compete with during a job search!