Wednesday, November 22, 2006

Firefox 2.0 Password Manager Bug Exposes Passwords

This is a serious bug if you use the Firefox Password Manager. As described at

"The flaw derives from Firefox's willingness to supply the username and password stored on one page on a domain to another page on a domain. For example, username/password input tags on a Myspace user's site will be unhelpfully propagated with the visitor's Myspace dot com credentials."
Using Control + Shift + Delete will clear private data in Firefox. In addition, turn off the Password Manager and the Firefox extension "Master Password Timeout" if you use it.
See Bugzilla Bug 360493

No comments: