December 20, 2006

Update: Firefox Password Manager Vulnerability Part 2

Note: If you have not done so already read the previous post: Update: Firefox Password Manager Vulnerability. Now, I did some testing in Firefox 1.5.0.9 as well as 3.0a1 and the results were well surprising: Firefox 1.5.0.9 ~ Same vulnerability exists but doing the tweak in the about:config as described in the previous post fixes this. Firefox 3.0a1 ~ Same vulnerability exists as well. However there is no about:config entry for signon.prefillForms. So I decided I would add the entry to about:config and perform the test. The results were not good, Firefox 3.0a1 failed the test. Actually, I am not…

Read More

Update: Firefox Password Manager Vulnerability

With Firefox 2.0.0.1 being released yesterday, many folks have been asking has this fixed the the Firefox Password Manager Vulnerability. The short answer is NO. However, there is a simple fix via an about:config tweak that will protect you until this is fixed in the 2.0.0.2 release next month. In order to get 2.0.0.1 with all its fixes out in a timely manner this fix was pushed back to the next release. Before you do this tweak take a look at this demonstration site, it will show you exactly how the vulnerability works. Be sure to visit the site again…

Read More