bugzilla.mozilla.org has resumed normal operation. Attachments prior to 2014 will be unavailable for a few days. This is tracked in Bug 1475801.
Please report any other irregularities here.

[Tracking] Password Manager Security

NEW
Unassigned

Status

()

Toolkit
Password Manager
4 years ago
2 years ago

People

(Reporter: tanvi, Unassigned)

Tracking

(Depends on: 7 bugs, Blocks: 2 bugs, {meta})

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

4 years ago
Master tracking bug for all Password Manager security issues.

Adding some existing bugs here.  Will file more and do a clean up of the below (to resolve duplicates)

759860, 534541 - Don't autofill username and password
748193 - Add a warning for insecure password fields
653132, 443345 - Secure Filling
(Reporter)

Comment 1

4 years ago
Bug 360493 - check the form action's hostname hasn't changed from the time you saved the password.  This was an issue with sites that reflected user generated content and allowed their users to inject <form> element.  This was fixed, adding it as a dependent here for completeness.
(Reporter)

Updated

4 years ago
Component: Security → Password Manager
Product: Core → Toolkit
(Reporter)

Updated

4 years ago
Depends on: 1118511
(Reporter)

Updated

4 years ago
No longer depends on: 534541, 759860
(Reporter)

Updated

4 years ago
Depends on: 1118540
(Reporter)

Updated

4 years ago
Depends on: 1118549
(Reporter)

Updated

4 years ago
Depends on: 1118553
(Reporter)

Updated

4 years ago
Depends on: 1118558
(Reporter)

Comment 2

4 years ago
Bug 1118511 - Don't autofill username and password
Bug 748193 - Add a warning for insecure password fields (in general)
Bug 1118558 - Add a warning for insecure password fields in the saved logins UI
Bug 1118540 - Secure Filling
Bug 1118549 - Encrypting passwords stored by the Password Manager
Bug 1118553 - Flag duplicate passwords in Password Manager UI 
Bug 360493 - Use the hostname of form action as part of the key when saving passwords (already done)
No longer depends on: 443345, 653132
Keywords: meta
Summary: Password Manager Security → [Tracking] Password Manager Security
I'm appending this to our Password Manager 2015 tracking bug, to give people working on that visibility into what sort of security improvements we're thinking about.
Blocks: 1118955
(Reporter)

Updated

4 years ago
Depends on: 667233
(Reporter)

Updated

4 years ago
Depends on: 1121119
(Reporter)

Updated

3 years ago
Depends on: 1174327
(Reporter)

Updated

3 years ago
Depends on: 1192066
(Reporter)

Updated

3 years ago
Depends on: 1217152
(Reporter)

Updated

3 years ago
Depends on: 653132
(Reporter)

Updated

3 years ago
Depends on: 1178855
(Reporter)

Updated

2 years ago
Blocks: 786276
You need to log in before you can comment on or make changes to this bug.