On Wed, 20 Dec 2006 00:13:04 GMT "Fergie" <[EMAIL PROTECTED]> wrote:
> Also, I noticed that someone else mentioned that at least one > critical vulnerability remains unplugged: > > http://www.internetnews.com/dev-news/article.php/3650106 I, personally, do not consider that a critical vulnerability. The problem is really with the third-party sites (such as MySpace) that allow users to post login forms on their site. If the sites didn't allow users to post content like that, it wouldn't be a problem. MySpace has since fixed this problem, so it's not an issue there. Also, it's not like somebody can get the password for another website than the one you are currently viewing. A better "fix" (for some definition of "fix" for a problem that's really not Firefox's fault) for this issue will come in a later Firefox release, but for now, Firefox 2.0.0.1/1.5.0.9 allows people to disable the password manager's autofill function if they feel that they are really unsecure due to this issue. Honestly, if you trust the sites you are going to, you shouldn't have a problem. I'm not worried about it. :) ~reed -- Reed Loden - <[EMAIL PROTECTED]> _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
