Slashdot Mirror

← Back to Stories (view on slashdot.org)

Password Vulnerability In Firefox 2.0.0.5

Posted by CmdrTaco on from the waiting-for-the-patch-boys dept.

Paris The Pirate writes "According to a message posted over the weekend on the Full-Disclosure mailing list, the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw."

4 of 176 comments (clear)

  1. Dupe? by InvisblePinkUnicorn · · Score: 5, Informative

    Three days ago: http://it.slashdot.org/article.pl?sid=07/07/20/125 2215

  2. Re:Is this OS independent? by Compholio · · Score: 5, Informative

    I haven't RTFA (after all, this is Slashdot), but are all OSes equally vulnerable?
    I can confirm that it works on Linux.
  3. NoScript by grub · · Score: 5, Informative

    NoScript
    Repeat ad nauseum.

    --
    Trolling is a art,
  4. Re:Is this OS independent? by Mr.+Sketch · · Score: 5, Informative

    From what I read, yes. It only exposes passwords for the site you're visiting. The most common case of this is on myspace, where visiting a malicious website will transfer your myspace username/password to the website owner. This vulnerability exists on sites that allow users to post custom html and javascript and will expose your username and password for that site.

    This does not expose all your passwords, so if you have you bank password stored, it's safe, unless your bank has pages that allow users to post custom html and javascript.

    --
    Things you think are in the Constitution, but are not.