funsec mailing list archives

Re: Time to Upgrade: Mozilla Firefox Multiple Vulnerabilities


From: Reed Loden <reed () reedloden com>
Date: Tue, 19 Dec 2006 18:44:06 -0600

On Wed, 20 Dec 2006 00:13:04 GMT
"Fergie" <fergdawg () netzero net> wrote:

> Also, I noticed that someone else mentioned that at least one
> critical vulnerability remains unplugged:
>
> http://www.internetnews.com/dev-news/article.php/3650106

I, personally, do not consider that a critical vulnerability. The
problem is really with the third-party sites (such as MySpace)
that allow users to post login forms on their site. If the sites didn't
allow users to post content like that, it wouldn't be a problem.
MySpace has since fixed this problem, so it's not an issue there. Also,
it's not like somebody can get the password for another website than
the one you are currently viewing.

A better "fix" (for some definition of "fix" for a problem that's
really not Firefox's fault) for this issue will come in a later Firefox
release, but for now, Firefox 2.0.0.1/1.5.0.9 allows people to disable
the password manager's autofill function if they feel that they are
really unsecure due to this issue.

Honestly, if you trust the sites you are going to, you shouldn't have a
problem. I'm not worried about it. :)

~reed

-- 
Reed Loden - <reed () reedloden com>
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

