Saturday, July 21, 2007

Holes in Firefox password manager [Update]

The Mozilla developers have fixed a known hole in the password manager of Firefox & Co, but a door remains open for exploitation. If the user gives permission, the inbuilt password manager of the open-source browser saves passwords and enters data into the respective form fields on the user's next visit automatically. This happens not only on the page where the password was saved, but also on all other pages on this server that contain a similar form.

Read the article HERE.

Firefox Implements httpOnly And is Vulnerable to XMLHTTPRequest
I saw a few different people mention over the last few days that httpOnly has been added to Firefox 2.0.0.5. Very exciting stuff - as this has long been missing for over two years. There are some major pros and cons when using httpOnly on cookies.

Read the article HERE.

0 Comments:

Post a Comment

<< Home