Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Firefox password manager is not secure
Computer Active ^

Posted on 11/22/2006 6:46:46 AM PST by holymoly

The automatic password manager in the Firefox web browser is not secure, according to a report on the software maker's website.

The browser stores user names and passwords for specific sites so that users don't need to type them in again. However, a bug report on the Firefox website suggests that the same tool will also supply passwords to fake sites that look like the real ones.

The user who discovered the problem was sent a link to a fake Myspace page that requested his login details. Although the page was a fake, and not stored on the Myspace servers, Firefox still automatically filled in his details.

For unsuspecting users, this could make it easier to accidentally send details to phishers or other scammers.

The advice from Mozilla, Firefox's maker, is to avoid using the password manager until the problem is fixed.

To switch off the password manager in Firefox, go to the Tools menu, click Options and select the Security tab. Remove the tick from the box marked 'Remember passwords for sites' and click OK.


TOPICS: Chit/Chat; Computers/Internet
KEYWORDS: firefox; mozilla
FYI:
Bugzilla Bug 360493 Cross-Site Forms + Password Manager = Security Failure
1 posted on 11/22/2006 6:46:48 AM PST by holymoly
[ Post Reply | Private Reply | View Replies]

To: holymoly

Well, isn't that special.


2 posted on 11/22/2006 6:49:20 AM PST by randog (What the...?!)
[ Post Reply | Private Reply | To 1 | View Replies]

Comment #3 Removed by Moderator

To: holymoly
The user who discovered the problem was sent a link to a fake Myspace page that requested his login details.

Why do people still insist on clicking on links sent to them via email?

Isn't this Rule #1 for keeping your various login details secret?

This Firefox bug may be a problem but no software can protect the user from his/her own stupidity.

4 posted on 11/22/2006 9:04:24 AM PST by Bloody Sam Roberts (Res firma mitescere nescit)
[ Post Reply | Private Reply | To 1 | View Replies]

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...

5 posted on 11/22/2006 11:28:48 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bloody Sam Roberts
The user who discovered the problem was sent a link to a fake Myspace page that requested his login details.

Why do people still insist on clicking on links sent to them via email?

Isn't this Rule #1 for keeping your various login details secret?

This Firefox bug may be a problem but no software can protect the user from his/her own stupidity.

I haven't checked out the bug yet, but I suspect that Microsoft either has a hand in discovering/promoting this problem or will exploit it as a promotion for IE7 and its built in phishing filter.

As to your comment, at work I call the "click on this link" or "run this program" type of attacks "darwinian."  If you're stupid enough to fall for the attack then you're not bright enough to be using a computer on my corporate network, bye-bye, your port is now deactivated.

6 posted on 11/22/2006 11:37:58 AM PST by Phsstpok (Often wrong, but never in doubt)
[ Post Reply | Private Reply | To 4 | View Replies]

To: holymoly

Thank you for posting this.


7 posted on 11/22/2006 12:22:11 PM PST by JerseyHighlander
[ Post Reply | Private Reply | To 1 | View Replies]

To: Phsstpok
I call the "click on this link" or "run this program" type of attacks "darwinian."

Neanderthalian would be more like it...but I get your point.

"Click on this link for as a free iPod..."


8 posted on 11/22/2006 12:44:57 PM PST by Bloody Sam Roberts (Res firma mitescere nescit)
[ Post Reply | Private Reply | To 6 | View Replies]

To: holymoly; All
More info:

Firefox, IE flaw could expose passwords

"Users of both Firefox and Internet Explorer need to be aware that their information can be stolen in this way when visiting blog and forum Web sites at trusted addresses."

9 posted on 11/22/2006 1:11:00 PM PST by holymoly ("A lot" is TWO words.)
[ Post Reply | Private Reply | To 1 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson