Update: Firefox Password Manager Vulnerability Part 2

Note: If you have not done so already read the previous post: Update: Firefox Password Manager Vulnerability.

Now, I did some testing in Firefox as well as 3.0a1 and the results were well surprising:

  • Firefox ~ Same vulnerability exists but doing the tweak in the about:config as described in the previous post fixes this.
  • Firefox 3.0a1 ~ Same vulnerability exists as well. However there is no about:config entry for signon.prefillForms. So I decided I would add the entry to about:config and perform the test. The results were not good, Firefox 3.0a1 failed the test. Actually, I am not surprised by this since there has been a lot of “declaration” changes in both about:config and the userChrome.css with this version of Firefox. Since Firefox 3 is still in early development I am not really worried about this.