Closed
Bug 119828
Opened 23 years ago
Closed 23 years ago
Credit Card information plainly visible w/o supplying a password
Categories
(Toolkit :: Form Manager, defect)
Tracking
()
VERIFIED
INVALID
People
(Reporter: bugzilla, Assigned: morse)
Details
(Keywords: privacy)
Even with the Master Password feature turned on, I'm only six clicks away from seeing someones stored credit card information in Mozilla. Edit | Prefs | Privacy and Security | Forms | View Stored Data | Credit Card. That's very uncool. There should either be a password for using my profile, or a password on View Stored Data at the very least.
Assignee | ||
Comment 1•23 years ago
|
||
If you had the data encrypted rather than obscured, you would not be able to view the data. When you hit the "view" button, you would have received a messgae asking for your master password. And if you failed to supply it, you would have received a message saying "unable to unlock the database".
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → INVALID
What are you talking about? Where is that an option? I, like most people, put trust in Mozilla that I didn't have to find an obscure option to keep my data safe.
Assignee | ||
Comment 3•23 years ago
|
||
It's in tasks->privacy->password-manager->encrypt When you first saved your credit-card information you were presented with a dialog explaining all this to you, and telling you that if you wanted security you need to encrypt your data. I guess you didn't read that dialog. To see what I'm talking about, create a fresh profile and then save some form data. You'll see that dialog.
bz on irc.mozilla.org showed me Preferences > Privacy and Security > Web Passwords. I'm guessing there's a dialog that pops up and tells me that I need to encrypt my data, but if that's all it does (tell me, not give me the option to do it right then) it's deficient. It should give me the option of right then and there turning this on, IMO. Should I file a new bug suggesting that or modify this one?
Assignee | ||
Comment 5•23 years ago
|
||
See the discussion in bug 43503. It explains that this dialog is really a CYA thing and not really intended to give users the option to set the encryption mode at that time. If is presented for legal reasons only, so that a person experiencing what you did can't hold Netscape/Mozilla liable when your sensitive information is compromised.
You need to log in
before you can comment on or make changes to this bug.
Description
•