Closed
Bug 1107422
Opened 10 years ago
Closed 10 years ago
Stealing Firefox saved passwords
Categories
(Firefox :: Untriaged, defect)
RESOLVED
DUPLICATE
of bug 359675
People
(Reporter: balo.andras, Unassigned)
Details
Attachments
(1 file)
858 bytes,
application/zip
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
Build ID: 20141125180439

Steps to reproduce:
First we need a target site where there is an XSS attack. After that we can create an iframe with the target site's login page. Finally, by using an XSS attack we can easily read the Firefox saved password from the password input.

Actual results:
We could easily steal the plain password without hash cracking or using any advanced techniques. Some webpages aren't vulnerable because they use X-Frame-Options; however, there are a lot of targets. I included the proof of concept.

Expected results:
Firefox shouldn't reload the password field when we open the page with an iframe. Chrome and IE aren't vulnerable.
Reporter
Updated • 10 years ago
Summary: Steal Firefox saved passwords → Stealing Firefox saved passwords
Reporter
Comment 1 • 10 years ago
WordPress is also vulnerable, where there is a big persistent XSS issue (on older versions). http://klikki.fi/adv/wordpress.html
Comment 2 • 10 years ago
Sadly this is a known issue, and the password manager folks consider it the site's problem that it suffers from XSS. Only save your password on sites you know don't have XSS anywhere (or toggle the pref signing.autofillForms to false). See https://bugzilla.mozilla.org/show_bug.cgi?id=408531#c9
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Comment 3 • 10 years ago
Also bug 786276 is relevant for addressing just the stealing-via-frame aspect (and something like that is why Chrome and IE are safe from your PoC).
Comment 4 • 10 years ago
The pref is signon.autofillForms, isn't it?
Reporter
Comment 5 • 10 years ago
In this case I am so sad. According to the Trustwave Global Security Report, 82% of applications contain an XSS vulnerability. Why is this vulnerability so serious?
* The password is the most sensitive data; if we can get the password, we get everything.
* We don't have to be logged in.
* MOST people use the same username and password on a lot of websites.
* XSS is such a common vulnerability and we can prevent it globally.
* This vulnerability can be fixed, XSS cannot.
* We can even write a robot so we don't have to prepare it for a specific website.
Reporter
Comment 6 • 10 years ago
If I have to choose between comfort and security, I'd choose security.
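
The description notes that pages sending X-Frame-Options are not affected by the framed login page, and comment 3 singles out the frame aspect. As an added example (not from the bug report or from Mozilla's code), this check classifies who may frame a login page from its response headers; the function name and the sample responses are constructed.

```javascript
// Added example: classify who may frame a page, from its response headers.
// framingPolicy and SAMPLES are constructed for illustration.
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // CSP frame-ancestors wins over X-Frame-Options in browsers that support it.
  for (const directive of (h["content-security-policy"] || "").split(";")) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name !== "frame-ancestors") continue;
    // An empty source list matches nothing, the same as 'none'.
    if (sources.length === 0 || sources.join(" ") === "'none'") {
      return { framers: "none", source: "csp" };
    }
    if (sources.join(" ") === "'self'") {
      return { framers: "same-origin", source: "csp" };
    }
    return { framers: "listed-origins", source: "csp" };
  }

  const xfo = (h["x-frame-options"] || "").trim().toLowerCase();
  if (xfo === "deny") return { framers: "none", source: "x-frame-options" };
  if (xfo === "sameorigin") {
    return { framers: "same-origin", source: "x-frame-options" };
  }
  // Missing header, obsolete ALLOW-FROM, or anything else this simplified
  // check does not recognise: report as unrestricted so it gets reviewed.
  return { framers: "any", source: xfo ? "x-frame-options (unrecognised)" : "none" };
}

// Constructed sample responses for a login page.
const SAMPLES = [
  { "X-Frame-Options": "DENY" },
  { "X-Frame-Options": "SAMEORIGIN" },
  { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" },
  { "Content-Type": "text/html" },
];

for (const sample of SAMPLES) {
  // "same-origin" still lets a page on the site itself frame the login form,
  // which is where the script in the report runs; only "none" refuses every frame.
  console.log(JSON.stringify(sample), "->", framingPolicy(sample).framers);
}
```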