Daily cyber threats and internet security news: network security, online safety and latest security alerts
September 27th, 2008

Password Bug Fixed Sooner Than Expected in Firefox 3.0.3

Mozilla released Firefox 3.0.3 with fix for a problem where users were unable to retrieve saved passwords or save new passwords. For some users, ever since upgrading, the new Firefox did not remember passwords or asked if passwords should be saved, even with preferences set to “Remember passwords for sites” and without exceptions in the “exeptions” box. It happened for every site that requires a password.

Just a day after it released Firefox 3.0.2 to fix 11 vulnerabilities, Mozilla Corp. said that an overlooked password bug requires a fast-track update it hopes to launch next week. Late Wednesday, Mike Beltzner, Mozilla’s director of Firefox, said that the bug, which prevents some users from accessing their browser-saved passwords, means another update is necessary. “While this doesn’t affect all Firefox users, it is a significant regression and has triggered a fast-release Firefox 3.0.3 which will contain a single fix,” Beltzner said in a message to the group.

The bug popped up in Firefox 3.0.2, which Mozilla released Tuesday, after developers added a fix to make the browser’s password manager work on international domain name (IDN) sites. IDN sites are those that have non-ASCII characters in their URLs, such as addresses with Arabic, Hebrew or Chinese characters, or ones with non-English diacritical marks.

According to Beltzner, users who have saved passwords on IDN sites or some non-English domains will be unable to access those passwords or save any new passwords after updating to Firefox 3.0.2. “There is no permanent data loss, the saved data is just inaccessible,” Beltzner noted.

A fix for the password regression bug is already available through Firefox update mechanism.

Share this item with others:

More on CyberInsecure:
  • Login And Password Stealing Trojan Masquerades As Firefox Plug-in
  • JavaScript Bug Patched By Mozilla In Firefox
  • Firefox Update Patch 9 Security Vulnberabilities, 4 Rated Critical
  • Unpatched Memory Corruption Flaw In Latest Firefox 3.5 Can Install Malware
  • Serious Security Flaw In Firefox 3.0.7, Exploit Already Available

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Password Bug Fixed Sooner Than Expected in Firefox 3.0.3

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.