All the latest UK technology news, reviews and analysis

Password flaw hits Firefox and Safari

by Ian Williams

25 Jul 2007

Comment: 1

  • Tweet this

The latest versions of Firefox and Safari contain a password management security flaw that could allow certain websites to access stored usernames and passwords.

A message on the Full Disclosure mailing list warned that users who have either browser configured to remember passwords, and have JavaScript enabled, are at risk.

Further reading

Mozilla fixed a similar reverse cross-site scripting flaw in Firefox last November, but this was a lot more serious as it did not require JavaScript to be enabled.

Heise Security has a demonstration of the vulnerability on its website to allow users to determine whether they are vulnerable to the attack. 

However, some developers and commentators have questioned whether this constitutes a vulnerability in the browser, as it requires the attacker to place malicious code on the web server.

If an attacker can place script code on a server, they would be able to manipulate the pages anyway, and would have other ways to steal user access data.

Until a fix is released, users are urged to disable JavaScript in their browser or avoid the use of the password manager on sites where users are allowed to post JavaScript pages.

Do you agree?

Add your comment

Lack of security

It may be a simplistic view from a non scientific mind like mine, but surely the authors of established software programmes should by now be well able to totally outsmart hackers and other ne'er do wells that seem to be able to crack every update or patch out there. Who is smarter - Bill Gates or the hacker ??

Posted by: Mr R.W.Rudge 26 Jul 2007

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Privacy

Apple iPhone 4S

Apple toughens up on rogue iOS Apps

Related white papers

Related articles

Related jobs

Today's top stories

Apple OS X Mountain Lion

Top five features of Apple OS X Mountain Lion

Clouds superimposed on a computer keyboard

Red Hat pushes cloud computing interoperability

Toy soldiers on keyboard representing cyber security

Boardroom gears up for cyber war

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 reporter Dan Worth

World-changing CERN experiments highlight humanity’s intrinsic curiosity

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

.Net Principal Development Engineer Lead- London

Principal Development Engineer Lead- London - Smart TV...

.Net Development Engineer - HTML, XHTML, CSS, DOM

Development Engineer - London - Smart TV, Gaming, Tablets...

Principal Development Engineer - .Net ,C# or Java -

Principal Development Engineer - London - Smart TV, Gaming...

Test Engineer -London - Smart TV, Gaming, Tablets, PC& Mac

Test Engineer -London - Smart TV, Gaming, Tablets, PC...

To send to more than one email address, simply separate each address with a comma.