Password Vulnerability In Firefox 2.0.0.5

Paris The Pirate writes "According to a message posted over the weekend on the Full-Disclosure mailing list, the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw."

Or Firefox for that matter

[benhocking]

<satire>All the truly intelligent people use Lynx.</satire>

Low security passwords

[benhocking]

Eh. Depends on what passwords you set it to remember. There are a ton of BS passwords that I don't give a damn if someone steals.

Absolutely. My Slashdot password, for example, is one that I allow Firefox to remember. Er, not that I'm claiming Slashdot is BS or anything. ;)

Wimp

[missing000]

Real men use telnet for every IP session.

Re:Do not save passwords

[Anonymous Coward]

It stores the password in plane text (at least it used to) for anyone with physical access to see if they know where to look (and it's not hard to figure out where to look). I have stolen many a passwords this way. It is worse than writing your password down and putting it in your desk.

Even worse, because it uses plane text, you are helping the terrorists, who can now hijack your passwords and fly them into skyscrapers!

Re:Wimp

[dattaway]

telnet is for weenies.

netcat is for men.

Please Help!!

[The Real Normal Dan]

Very funny you jerk! You steal my password, then mock me on my slashdot account! Is there an admin around? -The Real Normal Dan

Re:Password Remember Function

[Anonymous Coward]

Ah yes, the old "you are an idiot if you don't do things the way I do them" argument. Are we grumpy because we are out of Clearasil today? Or did mommy start asking for basement rent?

Stealing passwords? Hardly...

[goldspider]

This isn't theft, it's liberation! Information (including passwords) wants to be free!

Re:Wimp

[Anonymous Coward]

i just attach the cables to my nipples and decode the packets manually.

Re:Password Remember Function

[Tridus]

I knew Post It Notes were more secure!

Re:Is this OS independent?

[PPH]

Memo to self: Take my /. password, 'ImADork' off my bank account.

Re:Is this OS independent?

[jsse]

I can confirm that it works on AmegaOS, Atrai, Sinclair ZX81 and PDP too.

Well...actually I can't. If you excuse me, I'll go back to my corner where I can dialog with my shadow.

Re:Do not save passwords

[eln]

Pretty much all text is plane text. Unless it's 3 dimensional I guess.

Re:Wimp

[rleibman]

i just attach the cables to my nipples and decode the packets manually.

Yeah, but can you generate outbound traffic?

Re:Is this OS independent?

[Anonymous Coward]

I already changed your bank password for ya.

Dork.

Re:Is this OS independent?

[RealGrouchy]

I haven't RTFA (after all, this is Slashdot), but are all OSes equally vulnerable?

I can confirm that it works on Linux.

TFA, or the vulnerability?

- RG>

Re:Wimp

[LordEd]

Outbound traffic is sent back on a different port.