07-24-2007, 09:24 AM
Quote:According to a message posted over the weekend on the Full-Disclosure mailing list, the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw...
Apple's Safari is vulnerable in the same way. Current workarounds include disabling JavaScript in Firefox or avoiding the use of Firefox password management on sites where users are allowed to post JavaScript pages...
full article: http://www.linux.com/feature/118166