Password manager pollutes non-login pages with user's login and password data
Categories
(Toolkit :: Password Manager, defect, P3)
Tracking
()
People
(Reporter: sergei, Unassigned)
References
(Blocks 2 open bugs)
Details
(Keywords: regression, Whiteboard: [passwords:heuristics])
Updated•10 years ago
|
Comment 3•10 years ago
|
||
Comment 4•10 years ago
|
||
Comment 5•10 years ago
|
||
Comment 6•10 years ago
|
||
Comment 8•10 years ago
|
||
Comment 10•10 years ago
|
||
Comment 11•10 years ago
|
||
Updated•10 years ago
|
Comment 12•10 years ago
|
||
Updated•6 years ago
|
Comment 14•6 years ago
|
||
I'm not sure if this is the right place to comment as I've seen many bugs related to the same topic. I just want to add that I have been experiencing the same issue. In any form that has an input[type=password] Firefox auto-fills with a saved password even if the field is not asking for a password, and it then fills the preceding input[type=text] with a username even if the field is not asking for a username. This is very problematic. Not all password type fields are for logins. Often they are used for obfuscating other sensitive data. And to assume that a preceding text field must be username is just wrong. Since Firefox fills these without any actions on the user’s behalf or notification that it happened, often users don't even realize it happened causing erroneous data to be stored in, i.e., user profiles or submitted in non-login forms. In short, Firefox should only ever auto-fill username and password in login forms. There are bug reports going back at least 10 years with the same issue 499223.
Comment 15•6 years ago
|
||
The "new person" page should use the autocomplete="new-password"
attribute on <input type=password>
to prevent autofilling saved credentials. It will be honoured in Firefox 67+.
(In reply to Jon from comment #14)
We are addressing your issues in various ways such as bug 1189524 and bug 917325.
Description
•