LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The Firefox password manager vulnerability

The Firefox password manager vulnerability

Posted Dec 3, 2006 4:34 UTC (Sun) by bluefoxicy (guest, #25366)
Parent article: The Firefox password manager vulnerability

I've been meaning to implement this hack for months; gather a hundred or so passwords; devise a fix; and ship the whole shebang to MySpace and (sans-passwords) BugTraq. Never got around to it though...

Good show. I'm glad to see the first real-world occurrence was benign; it'd be just awful if someone had gathered user ID/password pairs and used the unattributed but often correct assumption that they're going to be the same for Amazon/Ebay/etc.

(Log in to post comments)

The Firefox password manager vulnerability

Posted Dec 3, 2006 5:17 UTC (Sun) by bluefoxicy (guest, #25366) [Link]

For transparency's sake, a Slashdot comment on my would-be version. Not quite identical (I was thinking automating the password send with JavaScript), but worked off the browser-fills-in-the-password theory.

No I'm not trying to take credit; I hadn't dreamed it could be solved by a password manager change, or considered vanilla phishing, or user-triggered non-javascript buttoneering, or any of that.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds