Thursday, 26 December 2013

Firefox 2.0 Password Manager Bug Exposes Passwords


This is a serious bug if you use the Firefox Password Manager. As described at Slashdot.org:

"The flaw derives from Firefox's willingness to supply the username and password stored on one page on a domain to another page on a domain. For example, username/password input tags on a Myspace user's site will be unhelpfully propagated with the visitor's Myspace.com credentials."
Using Control + Shift + Delete will clear private data in Firefox. In addition, turn off the Password Manager and the Firefox extension "Master Password Timeout" if you use it.

No comments:

Post a Comment