Closed Bug 1060307 Opened 10 years ago Closed 10 years ago

Security issue - Clicking Cancel on Master Password popup makes it possible to read all emails.

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Version:
24 Branch
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 318697

People

(Reporter: kent, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0 (Beta/Release)
Build ID: 20140716183446

Steps to reproduce:

Starting up TB - Master password dialog pops up.
Clicking cancel (or pressing ESC) 10 times makes the dialogue go away and then it's free for everyone to read the emails.


Actual results:

After ESC 10 times, the dialogue disappears, giving full access to the mails.
If the same is done with 'Get Mail', it actually downloads new mail aswell. Giving no protection at all to the user.


Expected results:

If clicked cancel, the popup should re-appear OR close application.
When you typed in the bug form, bug 318697 was listed as a possible duplicate. Indeed what you are reporting is bug 318697.  Master password is not designed to protect your email, it is designed to protect userids and passwords.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.