THE MOZZARELLA Foundation has issued a security warning on its Firebadger open sauce browser.
Apparently the browser's secure password manager has a nasty habit of telling other people your user name and password.
The problem comes about because Firebadger supplies the username and password stored on one page on a domain to another page on a domain. For example the Username and password input tags on a Myspace user's site will be shared along with the visitor's Myspace.com credentials.
According to Robert Chapin, of Chapin Information Services, who reports the problem on Bugzilla, the flaw means that passwords can be stolen without punters being aware of it.
In the short term, Mozzarella is suggesting avoiding using Password Manager and the Master Password Timeout Firefox extension.
However, an exploit found in the wild mimicked the login.myspace.com site almost perfectly, causing many users to believe they needed to log in.
Source: The Inq
1
Firefox gives passwords away
Started by
Nvyseal
, Nov 22 2006 07:44 PM
8 replies to this topic
#1
Posted 22 November 2006 - 07:44 PM
#2 Guest_scaramonga_*
Posted 22 November 2006 - 07:54 PM
Which is why I never let Firefox/IE store any passwords.....period!
Roboform is the way
Roboform is the way
#3
Posted 22 November 2006 - 08:24 PM
wth is fire badger?
#4
Posted 22 November 2006 - 08:26 PM
thanks for the heads up guys...
#5
Posted 24 November 2006 - 01:10 AM
Maybe someone should tell this site about it: www.killfirefox.com
I usually save my passwords in browsers, but not very important ones - they usually tend not to save those anyway. Like Bank sites and other major personal account online.
I usually save my passwords in browsers, but not very important ones - they usually tend not to save those anyway. Like Bank sites and other major personal account online.
#6
Posted 24 November 2006 - 01:18 AM
Yet another reason I prefer Opera instead.
#7
Posted 24 November 2006 - 02:40 AM
Biggest problem here is imo the user...
I know Firefox enters them in advance, but any IE user without looking closely might enter them as well too... so... entering either the ok button or all the way is a user responsibility...
I know Firefox enters them in advance, but any IE user without looking closely might enter them as well too... so... entering either the ok button or all the way is a user responsibility...
#8
Posted 24 November 2006 - 12:43 PM
I have to agree with Sphere, a bad user is in risk with any browser . If it's an important password i never trust any browser. I dont care if i have to type it every time i visit a site.
#9
Posted 25 November 2006 - 11:00 AM
These are my settings. Would never dream of leaving my passwords in this computer. Email, stock accounts, online shopping, my bank accounts... I'm lazy, but not so lazy I can't type in my passwords.
Attached Files
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users