There’s a new bug, which can reveal your password to any other page on the same domain. Even if you have a master password set, you should clear out all your Firefox stored passwords until this is fixed. There are a lot of ways to take advantage of this, especially on Web 2.14.168.42 sites.
Yep- I use it, and will miss it. I hope they fix this soon.
Reader interactions
2 Replies to “Disable Storing Passwords in Firefox 2.0”
There are a lot of tricks, including scripting techniques to grab passwords from other sites, or fool a password manager (built into the browser or a separate program) into providing a password with little or no human confirmation, but it’s simply not possible to completely prevent people from sending their passwords for any site to ‘rogue’ pages on the same. In the simplest case, someone could copy the official Site X login page, make a private copy, and store the passwords entered or send them to a remote server. For bonus points, forward the credentials to the real login page, so the user gets logged in successfully and doesn’t notice anything is wrong.
MacFixit points out that this affects Safari too! It’s limited to a single site, but makes still me a sad panda.
http://www.macfixit.com/article.php?story=20061124005926830