Bug can give secure details to the wrong site
The automatic password manager in the Firefox web browser is not secure, according to a report on the software maker's website.
The browser stores user names and passwords for specific sites so that users don't need to type them in again. However, a bug report on the Firefox website suggests that the same tool will also supply passwords to fake sites that look like the real ones.
The user who discovered the problem was sent a link to a fake Myspace page that requested his login details. Although the page was a fake, and not stored on the Myspace servers, Firefox still automatically filled in his details.
For unsuspecting users, this could make it easier to accidentally send details to phishers or other scammers.
The advice from Mozilla, Firefox's maker, is to avoid using the password manager until the problem is fixed.
To switch off the password manager in Firefox, go to the Tools menu, click Options and select the Security tab. Remove the tick from the box marked 'Remember passwords for sites' and click OK.
Updating your subscription status