The Mozilla Foundation has issued a security warning on its FireFox open browser.
Apparently the browser's secure password manager has a nasty habit of telling other people your user name and password.
The problem comes about because FireFox supplies the username and password stored on one page on a domain to another page on a domain. For example the Username and password input tags on a Myspace user's site will be shared along with the visitor's Myspace.com credentials.
According to Robert Chapin, of Chapin Information Services, who reports the problem on Bugzilla, the flaw means that passwords can be stolen without punters being aware of it.
In the short term, Mozilla is suggesting avoiding using Password Manager and the Master Password Timeout Firefox extension.
However, an exploit found in the wild mimicked the login.myspace.com site almost perfectly, causing many users to believe they needed to log in.
Listen
Print
Social Comments ()
Digital Journal Comments (9)
Email this
Share on Facebook
