 |
 |
 |
 |
 |
Information about your favorite browser: news, articles and more.
CIS declares Firefox Password Manager unsafe
Closed Published January 30th, 2007 in All Categories, Exploits & Vulnerabilities, Firefox, Internet Explorer 7
CIS is reporting today that efforts by MySpace to fix a flaw that tricks users into entering their login
details in to a bogus web page have failed. CIS said that a Reverse Cross Site Request can still be injected into a MySpace.com email message. News of the flaw first broke on 23 November, when CIS warned Firefox 2 and IE7 users to be careful of the vulnerability, which allows attackers to get users’ login details by showing them a fake login form.
This tricks Firefox Password Manager into filling in the saved details. CIS reviewed the vulnerability on 19 January, after Firefox version 2.0.0.1 was released, but the version didn’t contain a fix. CIS declares Firefox Password Manager unsafe – Pocket-lint.co.uk
