Closed
Bug 373309
Opened 17 years ago
Closed 15 years ago
FM Should Check the Action Scheme Before POST of Password Fields
Categories
(Toolkit :: Form Manager, defect)
Toolkit
Form Manager
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: shinyairplane, Unassigned)
References
Details
Attachments
(1 file)
|
937 bytes,
text/html
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2 From Bug #360493, during testing of the patch we exposed a password to the local screen using "mailto" as the "action" scheme. A test case will be attached. Assigning to FM instead of PM because this problem is not relevant if the "action" is already saved. Reproducible: Always Steps to Reproduce: May depend on system configuration. We used FF 2.0.0.2 and Outlook 2003. _____________ Robert Chapin Chapin Information Services, Inc.
|
Reporter | |
Comment 1•17 years ago
|
||
|
|
Reporter | |
Comment 2•17 years ago
|
||
Note the encryption warning issued by the test case is due to the file being hosted on https. Save and test elsewhere to confirm.
|
||
Comment 3•17 years ago
|
||
So, I see two scenarios where this bug is relevant: 1) The "Whoops, my admin is dumb and is sending sensitive data through a mailto." That is, there isn't malicious intent, but there's the potential for badness. 2) The Attacker-creates-mailto-form scenario. This is much more nefarious and quite plausible - a phishing form could mailto, for instance. If the scenario we're concerned with is #2 though, this bug seems unlikely to offer any real protection, since an attacker will just style a non-password input to look like a password field. They won't tip their hand. An attacker could also do lots of other things to get that password, of course, and I know you've opened bugs tracking some of those, but the question is whether this bug adds anything to the user's safety. For scenario #2 I don't think it does. Are we talking about scenario #1 only then?
|
|
Reporter | |
Comment 4•17 years ago
|
||
I think there is a common-sense factor about protecting both scenarios. Password fields can protect PINs, SSNs, credit card numbers, etc. The actual reason behind the action being mailto only figures into the severity of the bug.
|
||
Comment 5•17 years ago
|
||
Fwiw, IE7 gives this dialog when submitting with the testcase: " This form is being submitted using e-mail. Submitting this form will reveal your e-mail address to the recipient, and will send the form data without encrypting it for privacy. You may continue or cancel this submission. " So maybe Firefox should do something similar?
|
||
Comment 6•17 years ago
|
||
I guess not is the last chance to try and do anything for fx3. should we try?
Flags: blocking-firefox3?
|
||
Comment 7•16 years ago
|
||
Not blocking, far too late for changes of this type.
Flags: blocking-firefox3? → blocking-firefox3-
|
Assignee | |
Updated•16 years ago
|
Product: Firefox → Toolkit
|
||
Updated•16 years ago
|
Group: core-security
|
||
Comment 8•15 years ago
|
||
I don't think there's much value in warning the user about submitting a password over email. We could quibble about the details, but to a gross approximation email is no different than HTTP -- both are an unencrypted, unauthenticated path. Anyone between the user and the end recipient could monitor and/or modify the data without being detected. We've already removed the warnings about submitting unencrypted forms, because they end up just being confusing noise to users. So it's not worse than that. [It's arguably better, since the form submission just opens a message in your email client, so users still have the opportunity to change their mind before clicking "send".]
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•