Archive for December 20th, 2006

Update: Firefox Password Manager Vulnerability Part 2

Note: If you have not done so already, read the previous post: Update: Firefox Password Manager Vulnerability.

Now, I did some testing in Firefox 1.5.0.9 as well as 3.0a1, and the results were, well, surprising:

  • Firefox 1.5.0.9 ~ Same vulnerability exists, but doing the tweak in about:config as described in the previous post fixes this.
  • Firefox 3.0a1 ~ Same vulnerability exists as well. However, there is no about:config entry for signon.prefillForms. So I decided I would add the entry to about:config and perform the test. The results were not good: Firefox 3.0a1 failed the test. Actually, I am not surprised by this, since there have been a lot of “declaration” changes in both about:config and the userChrome.css with this version of Firefox. Since Firefox 3 is still in early development, I am not really worried about this.

Update: Firefox Password Manager Vulnerability

With Firefox 2.0.0.1 being released yesterday, many folks have been asking whether it fixes the Firefox Password Manager Vulnerability. The short answer is NO. However, there is a simple fix via an about:config tweak that will protect you until this is fixed in the 2.0.0.2 release next month. In order to get 2.0.0.1 with all its fixes out in a timely manner, this fix was pushed back to the next release. Before you do this tweak, take a look at this demonstration site; it will show you exactly how the vulnerability works. Be sure to visit the site again to test your browser after you have completed the tweak below:

  1. In a new tab, type about:config in the address bar and press Enter (or click Go)
  2. In the filter field, copy and paste signon.prefillForms
  3. Double click the entry to change the value to false
  4. Close the tab

With this tweak in place, Firefox will not automatically pre-fill your saved user name and password when you come to a login page. Instead, as you start to type in your user name, a drop-down will appear. Select the correct user name and the password will pre-fill from there.
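To confirm the tweak actually landed in a profile, the check below reads the profile's preference files and reports the state of signon.prefillForms. This is an added example, not code from the original post or from Mozilla; the function names and sample file contents are constructed, and it assumes that a profile with no entry for the preference keeps the pre-fill behaviour the steps above turn off.

```python
import re

# Matches one user_pref("name", value); line as written in prefs.js / user.js.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')
PREF_NAME = "signon.prefillForms"


def parse_prefs(text):
    """Return {name: raw_value} for every user_pref line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def prefill_status(prefs_js="", user_js=""):
    """Classify a profile as 'mitigated', 'exposed' or 'invalid'.

    user.js is applied after prefs.js at startup, so its value takes precedence.
    Assumption: an absent pref means the default (pre-fill on), i.e. 'exposed'.
    """
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    raw = merged.get(PREF_NAME)
    if raw is None or raw == "true":
        return "exposed"
    if raw == "false":
        return "mitigated"
    return "invalid"  # e.g. the string "false" instead of a boolean


# Constructed sample file contents (not taken from a real profile).
SAMPLE_TWEAKED = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("signon.prefillForms", false);
'''
SAMPLE_DEFAULT = 'user_pref("browser.startup.homepage", "about:blank");\n'
SAMPLE_USERJS_REVERT = 'user_pref("signon.prefillForms", true);\n'

if __name__ == "__main__":
    print(prefill_status(SAMPLE_TWEAKED))                        # mitigated
    print(prefill_status(SAMPLE_DEFAULT))                        # exposed
    print(prefill_status(SAMPLE_TWEAKED, SAMPLE_USERJS_REVERT))  # exposed
```

A "mitigated" result only shows that the preference is set. The Part 2 post reports that adding it in Firefox 3.0a1 did not stop the pre-fill, so retest against the demonstration site as well.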

Also see: Update: Firefox Password Manager Vulnerability Part 2

Source: mozillaZine Firefox Builds


 
