Tag: password_management

Password Vulnerability In Firefox 2.0.0.5

According to a message posted over the weekend on the Full-Disclosure mailing list, the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw.

The Mozilla team fixed a similar flaw last November, one which did not require JavaScript. The heise Security Web site contains a demo/proof of concept of the vulnerability risk that you can use to determine your vulnerability. The original flaw was referred to as reverse cross-site scripting and was reportedly widely used on Myspace.com. Read More»

Posted in Firefox | 4 Comments »