Closed
Bug 372045
Opened 17 years ago
Closed 16 years ago
Form action property saved by password manager not accessible from JavaScript for extension developing.
Categories
(Toolkit :: Password Manager, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: mail, Unassigned)
Details
Attachments
(1 file)
|
4.07 KB,
patch
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.2) Gecko/20070220 Firefox/2.0.0.2 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.2) Gecko/20070220 Firefox/2.0.0.2 The Mozilla Foundation Security Advisory 2007-02 (http://www.mozilla.org/security/announce/2007/mfsa2007-02.html) states that "The Firefox password manager was altered to take into account the destination site of the password data and only replay when a form's destination matches the one that was saved." But this property (the destination site / form action attribute) isn't accessible through JavaScript for extension developers to take into account - Especially Login extensions should be able to use it. So far, the only properties you can get by using nsIPasswordManager and the Interfaces nsIPassword and nsIPasswordInternal are - host - password - user - passwordFieldName - userFieldName Reproducible: Always Steps to Reproduce: Nothing to reproduce, just an important property not accessible for Extension Developers. Actual Results: Nothing to reproduce, just an important property not accessible for Extension Developers. Expected Results: Nothing to reproduce, just an important property not accessible for Extension Developers. It is just the form action attribute saved by Password Manager since the last Firefox release (Version 2.0.0.2), that should be made accessible to extension developers through JavaScript, so login extensions can make use of the additional security aspect.
|
||
Comment 1•17 years ago
|
||
Is this an issue for any existing extensions?
|
Reporter | |
Comment 2•17 years ago
|
||
Yes, for Secure Login for example: https://addons.mozilla.org/firefox/4429/ https://blueimp.net/mozilla/
|
|
||
Comment 3•17 years ago
|
||
This was implemented temporarily on trunk, by attachment 262187 [details] [diff] [review] to bug 373253. Trunk then switched to the new Login Manager code, which replaces all the old interfaces with new ones.
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
|
Reporter | |
Comment 4•17 years ago
|
||
Thanks, Justin for the new LoginManager in Firefox 3.0a5 - this resolves the issue here. Will there be a fix for Firefox 2 as well?
|
|
||
Comment 5•17 years ago
|
||
|
|
||
Comment 6•17 years ago
|
||
The last attachment has the relevant bits extracted from the older trunk patch I mentioned in comment #3... dveditz, is this something that can be taken on branch?
|
|
||
Updated•17 years ago
|
Version: unspecified → 2.0 Branch
|
||
Comment 7•17 years ago
|
||
Sure, but you'll have to implement it as a new _MOZILLA_1_8_BRANCH interface instead of changing the existing iface. Sounded like Sebastian also wanted changes to nsIPasswordInternal, for password entry information, not just a change for adding passwords. A change to that interface would also have to undergo branch uglification. Ugly, but allows old extensions to keep working and updated extensions can work equally well in new and old versions by detecting whether or not the new interface exists.
|
|
||
Comment 8•16 years ago
|
||
I think this is essentially WONTFIX at this point. FF3 is out, and there doesn't seem to be a pressing need to get this in FF2. If someone wants to do the legwork to polish up the proof-of-concept here for the 1.8 branch, and write a set of tests for it, then I *might* be willing to take it... But that seems unlikely, and there's not much point in keeping the bug around just waiting for FF2 support to officially EOL.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WONTFIX
|
Assignee | |
Updated•16 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•