Firefox hit with password management vulnerability

— 12:37 PM on July 23, 2007

The folks at warn of a new security vulnerability that is said to affect the latest version of Mozilla's popular Firefox browser. Quoting a post on the Full-Disclosure mailing list, the site says Firefox suffers from a password management flaw that could allow a malicious website to steal a user's saved passwords. "If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw," the site warns.

For those interested, Heise Security has put together a proof of concept demonstartion of the flaw that does indeed seem to work on Firefox That said, Mozilla's browser isn't the only one affected. According to, Apple's browser Safari is also vulnerable to the same flaw. The site advises that users either disable JavaScript or not use automatic password management on sites where users can post JavaScript pages.

Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.