|
Firefox Hit With Password Management Vulnerability
|
Posted by Donster on: 2007-07-23 15:11:14 567
|
By Cyril Kowaliski @ The Tech Report
The folks at Linux.com warn of a new security vulnerability that is said to affect the latest version of Mozilla's popular Firefox browser. Quoting a post on the Full-Disclosure mailing list, the site says Firefox 2.0.0.5 suffers from a password management flaw that could allow a malicious website to steal a user's saved passwords. "If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw," the site warns.
For those interested, Heise Security has put together a proof of concept demonstration of the flaw that does indeed seem to work on Firefox 2.0.0.5. That said, Mozilla's browser isn't the only one affected. According to Linux.com, Apple's browser Safari is also vulnerable to the same flaw. The site advises that users either disable JavaScript or not use automatic password management on sites where users can post JavaScript pages.
|
|
News Source: Email
|
|
