• Tags
• Software (5405)
• Online (3284)
• VirusesAndMalware (113)
• MySpace (175)
• Linux (55)

CIS declares Firefox Password Manager unsafe

MySpace details may be compromised in unpatched flaw

• News
• Comments (0)

29 January 2007 17:34 GMT / By Amber Maitland

• Subscribe to RSS feeds
• Create PDF of this article
• Share this article
• Save this article
• Email this article
• Print this article
• Software homepage

CIS is reporting today that efforts by MySpace to fix a flaw that tricks users into entering their login details in to a bogus web page have failed.

CIS said that a Reverse Cross Site Request can still be injected into a MySpace.com email message.

News of the flaw first broke on 23 November, when CIS warned Firefox 2 and IE7 users to be careful of the vulnerability, which allows attackers to get users' login details by showing them a fake login form.

This tricks Firefox Password Manager into filling in the saved details. CIS reviewed the vulnerability on 19 January, after Firefox version 2.0.0.1 was released, but the version didn't contain a fix.

CIS is therefore warning users to disable the Password Manager so that they don't fall prey to a malicious bogus webpage.

• Read - Firefox and IE7 vulnerable to password-stealing attack

• Comment on this story for your chance to win a TomTom One XL Satnav GPS receiver

Latest in Software

• NEWS BBC iPlayer to let you link directly to funny moments
• NEWS UK online video views up 47% in a year
• NEWS "Twitter" added to the dictionary
• NEWS VIDEO OF THE DAY - Robot parkour
• NEWS Sony Ericsson "Rachael" handset, with Android, coming?

Latest on Pocket-lint.com

• NEWS BBC iPlayer to let you link directly to funny moments
• NEWS Limited edition LEICA D-LUX 4 SAFARI announced
• NEWS Onkyo launches A-9377 stereo amplifier
• NEWS BBC says Wimbledon broke online live video records
• NEWS 1Job launches iPhone application

Compare 20+
mobile broadband deals

Mobile Broadband »

Compare 50+
broadband packages

Home Broadband »