Slashdot Mirror

← Back to Stories (view on slashdot.org)

Password Vulnerability In Firefox 2.0.0.5

Posted by CmdrTaco on from the waiting-for-the-patch-boys dept.

Paris The Pirate writes "According to a message posted over the weekend on the Full-Disclosure mailing list, the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw."

17 of 176 comments (clear)

  1. Or Firefox for that matter by benhocking · · Score: 3, Funny

    All the truly intelligent people use Lynx.

    --
    Ben Hocking
    Need a professional organizer?
  2. Low security passwords by benhocking · · Score: 3, Funny

    Eh. Depends on what passwords you set it to remember. There are a ton of BS passwords that I don't give a damn if someone steals.
    Absolutely. My Slashdot password, for example, is one that I allow Firefox to remember. Er, not that I'm claiming Slashdot is BS or anything. ;)
    --
    Ben Hocking
    Need a professional organizer?
  3. Wimp by missing000 · · Score: 2, Funny

    Real men use telnet for every IP session.

    1. Re:Wimp by dattaway · · Score: 4, Funny

      telnet is for weenies.

      netcat is for men.

    2. Re:Wimp by Anonymous Coward · · Score: 5, Funny

      i just attach the cables to my nipples and decode the packets manually.

    3. Re:Wimp by rleibman · · Score: 5, Funny

      i just attach the cables to my nipples and decode the packets manually.

      Yeah, but can you generate outbound traffic?

    4. Re:Wimp by LordEd · · Score: 2, Funny

      Outbound traffic is sent back on a different port.

  4. Re:Do not save passwords by Anonymous Coward · · Score: 2, Funny

    It stores the password in plane text (at least it used to) for anyone with physical access to see if they know where to look (and it's not hard to figure out where to look). I have stolen many a passwords this way. It is worse than writing your password down and putting it in your desk.

    Even worse, because it uses plane text, you are helping the terrorists, who can now hijack your passwords and fly them into skyscrapers!

  5. Please Help!! by The+Real+Normal+Dan · · Score: 5, Funny

    Very funny you jerk! You steal my password, then mock me on my slashdot account! Is there an admin around? -The Real Normal Dan

  6. Re:Password Remember Function by Anonymous Coward · · Score: 1, Funny

    Ah yes, the old "you are an idiot if you don't do things the way I do them" argument. Are we grumpy because we are out of Clearasil today? Or did mommy start asking for basement rent?

  7. Stealing passwords? Hardly... by goldspider · · Score: 4, Funny

    This isn't theft, it's liberation! Information (including passwords) wants to be free!

    --
    "Ask not what your country can do for you." --John F. Kennedy
  8. Re:Password Remember Function by Tridus · · Score: 4, Funny

    I knew Post It Notes were more secure!

    --
    -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
  9. Re:Is this OS independent? by PPH · · Score: 4, Funny

    Memo to self: Take my /. password, 'ImADork' off my bank account.

    --
    Have gnu, will travel.
  10. Re:Is this OS independent? by jsse · · Score: 2, Funny

    I can confirm that it works on AmegaOS, Atrai, Sinclair ZX81 and PDP too.

    Well...actually I can't. If you excuse me, I'll go back to my corner where I can dialog with my shadow.

  11. Re:Do not save passwords by eln · · Score: 4, Funny

    Pretty much all text is plane text. Unless it's 3 dimensional I guess.

  12. Re:Is this OS independent? by Anonymous Coward · · Score: 3, Funny

    I already changed your bank password for ya.

    Dork.

  13. Re:Is this OS independent? by RealGrouchy · · Score: 5, Funny

    I haven't RTFA (after all, this is Slashdot), but are all OSes equally vulnerable? I can confirm that it works on Linux. TFA, or the vulnerability?

    - RG>
    --
    Hey pal, this isn't a pleasantforest, so don't waste my time with pleasantries!