Firefox 2.0.0.5

i just did an update,and firefox 2.0.0.5 has been added to
the tree(~ 
masked)...
but i just read a post at slashdot.org that says about a
password 
vulnerability of 2.0.0.5...
here's the link: http://it.slashdot.org/article.pl?sid=07/07/23/1450224


i just want to ask if it's ok to update to the new
firefox,or if it's a 
serious sec problem?... :/

thx...
-- 
gentoo-usergentoo.org mailing list

Stratos Psomadakis wrote:
> i just did an update,and firefox 2.0.0.5 has been added
to the tree(~ 
> masked)...
> but i just read a post at slashdot.org that says about
a password 
> vulnerability of 2.0.0.5...
> here's the link: http://it.slashdot.org/article.pl?sid=07/07/23/1450224

> 
> i just want to ask if it's ok to update to the new
firefox,or if it's a 
> serious sec problem?... :/
> 
> thx...

It's okay to update, as far as I know it's 2.0.0.5 and
before (aka 
everything...).

Your best bet is to not use the password saving features,
install 
noscript (important: WIPE OUT it's whitelist, then
selectively add sites 
you trust).
-- 
gentoo-usergentoo.org mailing list

Am Mittwoch 25 Juli 2007 04:10 schrieb fire-eyes:
> Stratos Psomadakis wrote:
> > i just did an update,and firefox 2.0.0.5 has been
added to the tree(~
> > masked)...
> > but i just read a post at slashdot.org that says
about a password
> > vulnerability of 2.0.0.5...
> > here's the link: http://it.slashdot.org/article.pl?sid=07/07/23/1450224

> >
> > i just want to ask if it's ok to update to the new
firefox,or if it's a
> > serious sec problem?... :/
> >
> > thx...
>
> It's okay to update, as far as I know it's 2.0.0.5 and
before (aka
> everything...).
>
> Your best bet is to not use the password saving
features, install
> noscript (important: WIPE OUT it's whitelist, then
selectively add sites
> you trust).

There is an addon called "Secure Login". I think
it solved the original 
problem by preventing Firefox from sending paaswords without
the users 
agreement but I'm not sure if it really helps at all.