Closed
Bug 187237
Opened 22 years ago
Closed 22 years ago
first popup-type authentication saved in password manager used to fill in all subsequent forms automatically.
Categories
(Firefox :: General, defect)
Firefox
General
Tracking
()
VERIFIED
DUPLICATE
of bug 184436
People
(Reporter: eclip5e, Assigned: bugzilla)
References
()
Details
Attachments
(1 file)
222 bytes,
text/html
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021207 Phoenix/0.5 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021207 Phoenix/0.5 Any site that pops up one of those "enter password" type prompt boxes now allows phoenix to save the password in the password manager. The first saved password is then used to fill in all subsequent popup forms including non-password forms (such as bookmarklet that comes with mozilla "Quick Searches -> Dictionary Lookup") I dislike sending my saved router password to m-w.com when i want to lookup a word, but the form entry gets filled in automatically with my passwords. Not good. Where is the password manager? Reproducible: Always Steps to Reproduce: 1. Go to: http://www.he.net/~jdoe/info/htaccess/demo.html 2. Click on the first link on page "Restricted Information" 3. type in John as username 4. type in orange as password 5. Check "Save password blah blah" checkbox below so it saves it. 6. Enter site. Done with password saving part. 7. Use a bookmarklet that prompts user for input, such is the famous "Highlight Text" bookmarklet that highlights the text a user inputs on a specific page. Bookmarket below, create a new toolbar bookmark, add this below as the URL javascript:Qr=document.getSelection();if(!Qr){void(Qr=prompt('Enter word to find in Merriam-Webster Dictionary:',''))}if(Qr)location.href='http://www.m-w.com/cgi-bin/dictionary?'+escape(Qr)+' ' 8. should notice that the m-w.com search says... Suggestions for [first password in your database here] 9. be scared. Actual Results: first password saved in password manager is filled into the prompt. Using the above bookmarklet searches for that password on the page, and if not found, displays the following in the statusbar... "Found 0 occurences of '[password]'." Can no longer use such bookmarklets. Expected Results: let the user fill in the textbox. Here is the bookmarklet, drag into your toolbar. <a href="javascript:Qr=document.getSelection();if(!Qr){void(Qr=prompt('Enter word to find in Merriam-Webster Dictionary:',''))}if(Qr)location.href='http://www.m-w.com/cgi-bin/dictionary?'+escape(Qr)+' '">Highlight Text</a>
I've tested this in Windows 2000, debian linux 3.0, the following builds. Both reproduce the same failures. Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021207 Phoenix/0.5 Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021207 Phoenix/0.5
Comment 2•22 years ago
|
||
You lost me between 5 and 6... after 5 I get a page that says the following: "Restricted Document You've successfully accessed this document as either user john with password orange or user sheri with password apple. Back To .htaccess Demo" Where to from there? And I do not fully understand 7 either. I managed to put a bookmarklet on the bookmarks tool bar, and, after cleaning it up, it gives me a pop-up that tells me to enter a word to find in the Merriam-Webster dictionary. I chose "debian" and it returned a list of other words I might have been thinking of. Typing 'o' instead did not give me a suggestion of "orange". Finally, just pressing OK with nothing in the field did nothing either. I'm turning your script into an attachment which hopefully will either be dragable or the first link once you open the attachment will be. Using that, please start at instruction 5 (or rather, 6) and redescribe how to do this.
Comment 3•22 years ago
|
||
Ok, the attachment worked. Click on it http://bugzilla.mozilla.org/attachment.cgi?id=110421&action=view and then you can drag the "Highlight Text" to your bookmarks toolbar.
Comment 4•22 years ago
|
||
*** This bug has been marked as a duplicate of 184436 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•