[JKT]

That doesn't matter. OmniWeb still inputs usernames and passwords automatically, it just happens to take them from the Keychain whereas Firefox uses its own password manager. The exploit doesn't care where the username and password is pulled from, it only cares that they are inputted.

However, from the test site that they posted OmniWeb wasn't vulnerable to the exploit using my preferences. However, that isn't to say that it is invulnerable - it could be due to the way I have things set up relative to a default install. I'd wait to see what OmniGroup has to say.