Closed
Bug 1093183
Opened 10 years ago
Closed 3 years ago
New tabs tile for Wells Fargo Online undesirably shows bank username
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: dylan.cross, Unassigned)
References
Details
(Keywords: privacy)
Attachments
(1 file)
174.74 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0 Build ID: 20140923175406 Steps to reproduce: Concise: Use online banking commonly Press ctrl+t Look at tile for bank site Expanded: One of my more commonly visited site is my online banking so it shows up on a tile when I press ctrl+t as a shortcut. When I look at the tile for the Wells Fargo site, I see my username in the screenshot of the page. Actual results: As it is online banking, I don't save my username or password for security. However, firefox saves a screenshot in which any user on my browser can see my username. Attached is a screenshot, with my actual username disguised. Expected results: I expect and would insist my username not appear on the tiles screen just as it by default does not show up on the page when I view it.
Reporter | ||
Updated•10 years ago
|
Severity: normal → major
Updated•10 years ago
|
Updated•10 years ago
|
Group: core-security
Comment 2•10 years ago
|
||
Bug 755996 is too broad to be useful, we need to debug some specific cases. This case looks like an example of a the username form field being autofilled. If we're capturing in the foreground, that makes sense (either we're capturing after the password manager filled it in, or the site itself is remembering it via a cookie). Not much we can do about that. The site could in theory set the "Cache-Control: no-store" header to prevent it, but presumably they don't want that in this case since this is just the sign-in page. If we're capturing in the background, our background thumbnailer tries to avoid capturing anything sensitive by not sending cookies, but it's possible we're still auto-filling username/passwords in these background loads. If we are doing that, we should probably prevent it somehow.
Updated•10 years ago
|
Component: Untriaged → General
Reporter | ||
Comment 3•10 years ago
|
||
Gavin, To clarify: When I go to the site, there isn't any auto-fill either by the website or firefox. The site won't do it (as it's a bank site), and I've declined the firefox option to remember (as it's a bank site). I hope that helps.
Comment 4•10 years ago
|
||
(In reply to Dylan Cross from comment #3) > To clarify: > When I go to the site, there isn't any auto-fill either by the website or > firefox. The site won't do it (as it's a bank site), and I've declined the > firefox option to remember (as it's a bank site). Given that the screenshot shows a filled in username, that suggests that we just happened to take a snapshot while you were typing. We take snapshots 1 second after tab switches, or after scrolling, or after the page finishes loading.
Hi,
I don't have the proper credentials to access Wells Fargo to test if this is still reproducible.
Given the fact that this is a 7-year-old bug, it seems to me that it may be outdated. Could you please check if this is still an ongoing issue?
Thanks in advance,
Virginia
Flags: needinfo?(dtownsend)
Closing this as Resolved - WFM since we don't have enough information to reproduce this issue, and the eporter is inactive.
If this is still being investigated or the issue is ongoing, please reopen it.
Thanks,
Virginia
Status: REOPENED → RESOLVED
Closed: 10 years ago → 3 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•