Patch for Fx 3.0.3 not fully patched, soon Fx 3.0.4 to follow...

[polonus]

Hi malware fighters,

The patch that meant to patch a problem with Fx 3.0.3 only seems to be partially helping...
Soon a new version of Fx, namely version 3.0.4 will appear and try to fully patch these problems...
See: https://bugzilla.mozilla.org/show_bug.cgi?id=457358
Like to hear from our Russian friends if they still experience problems with Fx 3.0.3?

On Bugzilla various users complain that the 3.0.3. update does not work for them. They cannot save passwords, and also the saved password list is empty. A manual solution that works is to add a new password and to restart Fx. "This work-around solves the problem. The average user however cannot appreciate this non-automatic solution, and may not be able to apply it, will get frustrated with the browser, and will say goodbye to Firefox", as Tuomo Tanskanen warns the developers,

polonus

[DavidR]

I can't understand why users want to save password info in their browser where it could well be vulnerable to being captured.

[MikeBCda]

Even worse, if you "view passwords" they're displayed as plain text.

[bob3160]

Even worse, if you "view passwords" they're displayed as plain text.

Since there are free programs available to reveal these passwords, all this does is make life simpler. 

http://mysharedfiles.no-ip.org/PasswordRevealer.exe

[George Yves]

I can't understand why users want to save password info in their browser where it could well be vulnerable to being captured.

I think there are two main reasons for that.

First, the passwords they save and keep are not for their bank accounts or something like that. Usually, these are passwords for different chats, forums, downloading sites, etc. Such passwords are useless for "web-criminals" and it would be senseless to keep them out of the browser.

Second, common users hope that their browser is as safe in keeping passwords as it is said on their browser's downloading site. Their question sounds like that: "If my browser is safe, why should I use something else to ensure the necessary level of security?"

[Lisandro]

First, the passwords they save and keep are not for their bank accounts or something like that. Usually, these are passwords for different chats, forums, downloading sites, etc. Such passwords are useless for "web-criminals" and it would be senseless to keep them out of the browser.

I think the same.

[OrangeCrate]

I think the same.

Me too.

[DavidR]

A password and user name are never worthless, it may make it easy to access, accounts, gather information misuse the account, etc.

It is just that browser security for passwords is weak and there are better tools, specifically designed for the task that retain the passwords, etc. encrypted so even if someone tried to access the info it would be much more difficult.

Unfortunately for those that rely on hope they are often disappointed.

[Lisandro]

A password and user name are never worthless, it may make it easy to access, accounts, gather information misuse the account, etc.

It is just that browser security for passwords is weak and there are better tools, specifically designed for the task that retain the passwords, etc. encrypted so even if someone tried to access the info it would be much more difficult.

Unfortunately for those that rely on hope they are often disappointed.

The problem, or the solution, is that we're not that much paranoid

[OrangeCrate]

Well, like Tech, I'm not very paranoid about all of this.

But, on the other hand, I'm not stupid either. None of my banking account passwords, or any others that access sensitive information, are stored, and they are super strong.

I've never looked into third party password managers as David alludes to, but, in my case, the only passwords that are saved in Firefox, are accesses to sites like this one. If any one "captures" those, I frankly couldn't care less. I would just change them.

Being Linux only, the chances of anything like this happening, is pretty slim anyway. They'd have to crack me with a kit, and I run a detector regularly, and if anything showed up, I wouldn't hesitate to reinstall in literally the next heartbeat. Tech would do the same thing.

[Lisandro]

But, on the other hand, I'm not stupid either. None of my banking account passwords, or any others that access sensitive information, are stored, and they are super strong.

Me too...

[DavidR]

Paranoia has nothing to do with it, why give the opportunity in the first place. I don't store any password in my browser and I don't use any password tools like roboform, etc. I don't store them anywhere on my system.

My suggestion is for the guidance of wise men, etc. etc. and are more directed to those of us who still use windows.

[OrangeCrate]

Paranoia has nothing to do with it, why give the opportunity in the first place. I don't store any password in my browser and I don't use any password tools like roboform, etc. I don't store them anywhere on my system.

My suggestion is for the guidance of wise men, etc. etc. and are more directed to those of us who still use windows.

Don't misunderstand my comments. I'm just adding my opinion to the thread. From an OS standpoint, I just approach things differently than you do.

There is absolutely nothing wrong with your philosophy, or plan, and I can find no fault in it.

It's kind of like the old adage...

"Men who don't own dogs, never get bit."

[DavidR]

When I comment on the forums, I try to think of those who might need guidance that may read the topic, not everyone who would use the firefox save password feature would limit it to non-critical sites.

I like and understand the adage

[Lisandro]

Paranoia has nothing to do with it, why give the opportunity in the first place. I don't store any password in my browser and I don't use any password tools like roboform, etc. I don't store them anywhere on my system.

But we do, we use Roboform, we like to use browser auto-login in forums... why not? It's not banking operation...

not everyone who would use the firefox save password feature would limit it to non-critical sites.

Critical sites use https and does not allow password saving...