Note: If you have not done so already read the previous post: Update: Firefox Password Manager Vulnerability. Now, I did some testing in Firefox 1.5.0.9 as well as 3.0a1 and the results were well surprising: Firefox 1.5.0.9 ~ Same vulnerability exists but doing the tweak in the about:config as described in the previous post fixes this. Firefox 3.0a1 ~ Same vulnerability exists as well. However there is no about:config entry for signon.prefillForms. So I decided I would add the entry to about:config and perform the test. The results were not good, Firefox 3.0a1 failed the test. Actually, I am not…

With Firefox 2.0.0.1 being released yesterday, many folks have been asking has this fixed the the Firefox Password Manager Vulnerability. The short answer is NO. However, there is a simple fix via an about:config tweak that will protect you until this is fixed in the 2.0.0.2 release next month. In order to get 2.0.0.1 with all its fixes out in a timely manner this fix was pushed back to the next release. Before you do this tweak take a look at this demonstration site, it will show you exactly how the vulnerability works. Be sure to visit the site again…