Firefox 2.0 Password Manager Bug Exposes Passwords

ronjor · #1 November 21st, 2006, 07:46 PM

Quote:

"Today, Mozilla made public bug #360493, which exposes Firefox's Password Manager on many public sites. The flaw derives from Firefox's willingness to supply the username and password stored on one page on a domain to another page on a domain.

Story

Rasheed187 · #2 November 25th, 2006, 11:36 AM

This is quite a serious bug, not? And is it that hard to avoid these kind of programming errors?

nadirah · #3 November 26th, 2006, 04:50 AM

I think you can set firefox to not remember any passwords and other personal details etc etc....

AWorriedPerson · #4 December 9th, 2006, 05:04 AM

But does it affect my passwords if I have installed Firefox in my computer, but I use Internet Explorer for sites with password?

Robyn · #5 December 9th, 2006, 10:25 AM

If you are running IE7 it is open to the flaw too

Quote:

Both the Mozilla Foundation's Firefox 2 and Microsoft's Internet Explorer 7 web browsers are vulnerable to a flaw that could allow attackers to steal passwords.

http://news.zdnet.co.uk/security/0,1...9284818,00.htm

AWorriedPerson · #6 December 14th, 2006, 10:25 AM

But if I use Internet Explorer 6, then my passwords are secure? So I should not download Internet Explorer 7?

I downloaded Mozilla Firefox 2.0 but I never used it because I saw this topic. But during installation process it asked if I would transfer information to Mozilla Firefox 2.0 from Internet Explorer. I did and now I have a fear that one password that was saved to remember in Internet Explorer is now known to some other person.

Mrkvonic · #7 December 14th, 2006, 11:13 AM

Hello,
No need to worry.
Your passwords may be stolen if:
1. You save them in your browser - if you always click 'never' or 'not now' when prompted to save the password, there's nothing to steal.
2. You need to visit a specially crafted page and be duped into interaction with content thereon to get potentially exploited.
Mrk

AWorriedPerson · #8 December 14th, 2006, 11:39 AM

Quote:

Originally Posted by Mrkvonic

Hello,
No need to worry.
Your passwords may be stolen if:
1. You save them in your browser - if you always click 'never' or 'not now' when prompted to save the password, there's nothing to steal.
2. You need to visit a specially crafted page and be duped into interaction with content thereon to get potentially exploited.
Mrk

Thank you very much. That is really relieving to hear. Although I clicked once yes when prompted to save the password.

Mrkvonic · #9 December 14th, 2006, 11:47 AM

Hello,
You can delete saved passwords.
Mrk

AWorriedPerson · #10 December 14th, 2006, 12:01 PM

Quote:

Originally Posted by Mrkvonic

Hello,
You can delete saved passwords.
Mrk

Could you explain me how to do it, please? I think I was able to do it by saving a false password instead the right, but I am not sure did it work correctly.

ronjor · #11 December 14th, 2006, 12:11 PM

In Firefox, go to the top menu, tools, options, security, show passwords. You can remove them from the window.

Mrkvonic · #12 December 14th, 2006, 12:13 PM

Hello,
Well, ronjor was faster....
Mrk

AWorriedPerson · #13 December 14th, 2006, 12:21 PM

Quote:

Originally Posted by ronjor

In Firefox, go to the top menu, tools, options, security, show passwords. You can remove them from the window.

Thank you very much. I know this is not this topic but could you tell me please, how to do it in Internet Explorer too?

Mem · #14 December 14th, 2006, 01:56 PM

For IE7 Tools->Internet Options-> General-> Browsing History Delete-> Delete All or Delete Passwords

ronjor · #15 December 14th, 2006, 02:31 PM

For IE6, tools, Internet options, content, click auto complete, click clear passwords.

AWorriedPerson · #16 December 16th, 2006, 04:12 AM

Thank you all very much for your help.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search