Firefox Password Flaw Still Open?
Is a flaw in the Firefox browser fixed or not? A security research claims that it’s not. Mozilla says it is.
Last November security researcher Robert Chapin discovered a zero day flaw in Mozilla Firefox’s password manager. The flaw could potentially allow a maliciously crafted page to auto-fill a form with credentials intended for another site.
Mozilla claimed that it fixed the flaw in its most recent Firefox 22.214.171.124 update. Chapin doesn’t quite agree.
Chapin has issued an advisory noting some 22 risks associated with the Mozilla Password manager and that in his estimation, less than 25 percent of the risk represented by these problems has been resolved in the release of version 126.96.36.199.
A Mozilla spokesperson was not immediately available for comment.
Full story: internetnews.com