With Firefox 2.0.0.1 released yesterday, many folks have been asking whether it fixes the Firefox Password Manager vulnerability. The short answer is NO. In order to get 2.0.0.1 with all its fixes out in a timely manner, this fix was pushed back to the next release. However, there is a simple fix via an about:config tweak that will protect you until this is fixed in the 2.0.0.2 release next month. Before you do this tweak, take a look at this demonstration site, which shows exactly how the vulnerability works. Be sure to visit the site again to test your browser after you have completed the tweak below:
- In a new tab type about:config in the address bar and press enter (or click go)
- In the filter field, copy and paste signon.prefillForms
- Double click the entry to change the value to false
- Close the tab
With this tweak applied, Firefox no longer pre-fills your saved user name and password automatically when you come to a login page. Instead, as you start to type your user name, a drop-down will appear. Select the correct user name and the password will be filled in from there.
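To confirm the setting across one or more profiles without opening each browser, the check below reads a profile's prefs.js and user.js and reports the effective value of signon.prefillForms. It is an added example, not part of the original post; the function names are hypothetical, and it assumes the built-in default is true (prefill enabled), as the steps above imply.

```python
import re
import sys
from pathlib import Path

PREF = "signon.prefillForms"
# Matches lines such as: user_pref("signon.prefillForms", false);
# Lines commented out with // or # do not match.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

# Constructed sample of what prefs.js contains after the tweak (illustration only).
SAMPLE_PREFS = 'user_pref("signon.prefillForms", false);\n'

def read_pref(text, name=PREF):
    """Return the last value set for `name` in a prefs file, or None if absent."""
    value = None
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m and m.group(1) == name:
            value = m.group(2)
    return value

def effective_value(prefs_js="", user_js=""):
    """user.js is applied after prefs.js at startup, so it wins if both set the pref.
    prefs.js stores only non-default values, so a pref missing from both files is
    at its built-in default (assumed here to be true, i.e. prefill enabled)."""
    for text in (user_js, prefs_js):
        value = read_pref(text)
        if value is not None:
            return value
    return "true"

def audit_profile(profile_dir):
    """Return (effective value, mitigated?) for one Firefox profile directory."""
    profile = Path(profile_dir)
    texts = []
    for fname in ("prefs.js", "user.js"):
        f = profile / fname
        texts.append(f.read_text(errors="replace") if f.is_file() else "")
    value = effective_value(*texts)
    return value, value == "false"

if __name__ == "__main__":
    for d in sys.argv[1:]:
        value, ok = audit_profile(d)
        print(f"{d}: {PREF}={value} -> {'prefill disabled' if ok else 'STILL PREFILLING'}")
```

Pass one or more profile directories as arguments; a user.js that sets the pref back to true overrides the about:config change at the next start.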
Also see: Update: Firefox Password Manager Vulnerability Part 2
Source: mozillaZine Firefox Builds