CIS declares Firefox Password Manager unsafe

CIS is reporting today that efforts by MySpace to fix a flaw that tricks users into entering their login details in to a bogus web page have failed.

CIS said that a Reverse Cross Site Request can still be injected into a MySpace.com email message.

News of the flaw first broke on 23 November, when CIS warned Firefox 2 and IE7 users to be careful of the vulnerability, which allows attackers to get users' login details by showing them a fake login form.

This tricks Firefox Password Manager into filling in the saved details. CIS reviewed the vulnerability on 19 January, after Firefox version 2.0.0.1 was released, but the version didn't contain a fix.

CIS is therefore warning users to disable the Password Manager so that they don't fall prey to a malicious bogus webpage.

• Read - Firefox and IE7 vulnerable to password-stealing attack

• Comment on this story for your chance to win a TomTom XL Live IQ Routes Europe

Latest in Software

• NEWS Vodafone Pocket-lint Gadget Awards date confirmed and tickets on sale
• NEWS VIDEO: WorkSnug workplace-finding iPhone app launches
• NEWS VIDEO OF THE DAY - Magic Wand
• NEWS Microsoft offers money for News Corp to de-Google its content
• NEWS Roadmap says we should expect Windows 8 in 2012

Latest on Pocket-lint.com

• NEWS Google Maps Navigation comes to Android 1.6
• REVIEW Pro Evolution Soccer 2010 - PS3
• NEWS Gameloft: iPhone game sales 400 times that of Android
• NEWS Truphone calls to America to be free on Thanksgiving
• NEWS 10 perfect Christmas presents for...Apple Mac fans