Open Bug 1118400 Opened 10 years ago Updated 2 years ago

[Tracking] Password Manager Security


(Toolkit :: Password Manager, defect)





(Reporter: tanvi, Unassigned)


(Depends on 5 open bugs, )


(Keywords: meta)

Master tracking bug for all Password Manager security issues.

Adding some existing bugs here.  Will file more and do a clean up of the below (to resolve duplicates)

759860, 534541 - Don't autofill username and password
748193 - Add a warning for insecure password fields
653132, 443345 - Secure Filling
Bug 360493 - check the form action's hostname hasn't changed from the time you saved the password.  This was an issue with sites that reflected user generated content and allowed their users to inject <form> element.  This was fixed, adding it as a dependent here for completeness.
Component: Security → Password Manager
Product: Core → Toolkit
Depends on: 1118511
No longer depends on: 534541, 759860
Depends on: 1118540
Depends on: 1118549
Depends on: 1118553
Depends on: 1118558
Bug 1118511 - Don't autofill username and password
Bug 748193 - Add a warning for insecure password fields (in general)
Bug 1118558 - Add a warning for insecure password fields in the saved logins UI
Bug 1118540 - Secure Filling
Bug 1118549 - Encrypting passwords stored by the Password Manager
Bug 1118553 - Flag duplicate passwords in Password Manager UI 
Bug 360493 - Use the hostname of form action as part of the key when saving passwords (already done)
No longer depends on: 443345, 653132
Keywords: meta
Summary: Password Manager Security → [Tracking] Password Manager Security
I'm appending this to our Password Manager 2015 tracking bug, to give people working on that visibility into what sort of security improvements we're thinking about.
Depends on: 667233
Depends on: 1121119
Blocks: passwords-2015
No longer blocks: passwords-2015-Q1
Depends on: 1174327
Depends on: 1174333
Depends on: 1192066
Depends on: 1217152
Depends on: 653132
Depends on: 1178855
Depends on: 1272507
Blocks: 786276
No longer blocks: 786276
Depends on: 786276
Depends on: 1229745
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.