Another security bug have hit the Firefox community today after that Mozilla made public bug #360493. The bug exposes Firefox’s Password Manager on many public sites, for example, username/password input tags on a Myspace user’s site will be unhelpfully propagated with the visitor’s Myspace.com credentials. You can see the proof-of-concept illustrating how password can be stolen in an almost completely transparent fashion.
This have been said, the website should be vulnerable to XSS bugs to get exploited. Many website owners should be careful about such bugs. To resolve this issue there is currently many solutions, until the bug will be fixed in Firefox :
- Passpet : Convenient Password Management and Phishing Protection
- Password Composer : Generate a different, safe password for every site you register with.
- Master Password Timeout : Locks the master security device after a predefined period of inactivity to prevent unauthorized use of saved passwords.
