Posted on 11/22/2006 6:46:46 AM PST by holymoly
The automatic password manager in the Firefox web browser is not secure, according to a report on the software maker's website.
The browser stores user names and passwords for specific sites so that users don't need to type them in again. However, a bug report on the Firefox website suggests that the same tool will also supply passwords to fake sites that look like the real ones.
The user who discovered the problem was sent a link to a fake Myspace page that requested his login details. Although the page was a fake, and not stored on the Myspace servers, Firefox still automatically filled in his details.
For unsuspecting users, this could make it easier to accidentally send details to phishers or other scammers.
The advice from Mozilla, Firefox's maker, is to avoid using the password manager until the problem is fixed.
To switch off the password manager in Firefox, go to the Tools menu, click Options and select the Security tab. Remove the tick from the box marked 'Remember passwords for sites' and click OK.
Well, isn't that special.
Why do people still insist on clicking on links sent to them via email?
Isn't this Rule #1 for keeping your various login details secret?
This Firefox bug may be a problem but no software can protect the user from his/her own stupidity.
Why do people still insist on clicking on links sent to them via email?
Isn't this Rule #1 for keeping your various login details secret?
This Firefox bug may be a problem but no software can protect the user from his/her own stupidity.
I haven't checked out the bug yet, but I suspect that Microsoft either has a hand in discovering/promoting this problem or will exploit it as a promotion for IE7 and its built in phishing filter.
As to your comment, at work I call the "click on this link" or "run this program" type of attacks "darwinian." If you're stupid enough to fall for the attack then you're not bright enough to be using a computer on my corporate network, bye-bye, your port is now deactivated.
Thank you for posting this.
Neanderthalian would be more like it...but I get your point.
"Click on this link for as a free iPod..."
Firefox, IE flaw could expose passwords
"Users of both Firefox and Internet Explorer need to be aware that their information can be stolen in this way when visiting blog and forum Web sites at trusted addresses."
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.