User: Password:
|
|
Subscribe / Log in / New account

The Firefox password manager vulnerability

The Firefox password manager vulnerability

Posted Dec 3, 2006 4:34 UTC (Sun) by bluefoxicy (guest, #25366)
Parent article: The Firefox password manager vulnerability

I've been meaning to implement this hack for months; gather a hundred or so passwords; devise a fix; and ship the whole shebang to MySpace and (sans-passwords) BugTraq. Never got around to it though...

Good show. I'm glad to see the first real-world occurrence was benign; it'd be just awful if someone had gathered user ID/password pairs and used the unattributed but often correct assumption that they're going to be the same for Amazon/Ebay/etc.


(Log in to post comments)

The Firefox password manager vulnerability

Posted Dec 3, 2006 5:17 UTC (Sun) by bluefoxicy (guest, #25366) [Link]

For transparency's sake, a Slashdot comment on my would-be version. Not quite identical (I was thinking automating the password send with JavaScript), but worked off the browser-fills-in-the-password theory.

No I'm not trying to take credit; I hadn't dreamed it could be solved by a password manager change, or considered vanilla phishing, or user-triggered non-javascript buttoneering, or any of that.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds