|
01/29/2007 — Chapin Information
Services (CIS) is advising users of all Mozilla Firefox products to immediately disable the password management features of those products.
On November 12, 2006, CIS reported a critical security bug in the Firefox Password Manager.
On December 19, 2006, Mozilla released Firefox version 2.0.0.1, which did not resolve the security bug.
On January 19, 2007, CIS revised its internal policy regarding the use of web browser password managers due to ongoing security concerns.
Today, CIS discovered that efforts to repair the MySpace.com website last year were inadequate to protect users from programming flaws in the Mozilla Firefox web browser.
|
Given these facts, CIS now considers the Firefox Password Manager to be unsafe for all purposes.
CIS will review this advisory when the Password Manager feature has been redesigned.
Password management can be disabled in the latest Windows version of Mozilla Firefox by clicking Tools, Options, Security, and then clearing the check box labeled, "Remember passwords for sites."
Passwords can then be retrieved manually by clicking the Show Passwords button on that same screen.
|