CyberNet News

Topic: Password vulnerability in Firefox 2.0.0.5


xpgeek

Password vulnerability in Firefox 2.0.0.5
« on: July 23, 2007, 02:12:52 PM »
From TechSpot:

Quote
A very short time after Mozilla released an update for Firefox to combat security issues brought about by IE, it seems they are already combating yet another flaw. The newly-discovered but not likely new flaw could potentially result in having a password stolen:

“...the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw.”
On top of Firefox, it seems that Safari is vulnerable in the same way. Being compromised in such a fashion requires certain things to be true, such as the site in question enabling JavaScript (and the site trying to steal your password to begin with). With JavaScript disabled, the flaw can't be exploited.

There is a demo of the flaw available in which you can check to see if you are vulnerable. It seems that some are questioning whether the “flaw” really is such, and whether it should be fixed at all, since certain pages could steal passwords with or without the built-in password manager's help.

Go to the 'demo of the flaw link' there and you can test it. Yep, it works.

I then installed the extension Secure Login and tested again, nope doesn't work now. So definitely keeping that extension installed.

Ryan Wagner

Re: Password vulnerability in Firefox 2.0.0.5
« Reply #1 on: July 23, 2007, 04:01:18 PM »
Thanks for the tip on the extension. Firefox should really offer an option as to whether users want to actually have the form automatically filled in.

Chris Rossini

Re: Password vulnerability in Firefox 2.0.0.5
« Reply #2 on: July 23, 2007, 05:28:31 PM »
I never use this feature for any browser... You just never know.