Closed
Bug 1268250
Opened 8 years ago
Closed 8 years ago
When you save a password and go back to the page to find your password prefilled, then change the input type to "text" the password value will stay in the input and it will show. Unveiling your password.
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 933223
People
(Reporter: tedvanriel, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36 Steps to reproduce: 1. Let your password be pre-filled in. 2. Open the HTML-editor 3. Change password input type to "text" Actual results: Password was shown on screen. Expected results: Password input value should be emptied or type should not be allowed to change.
Reporter | ||
Updated•8 years ago
|
Severity: normal → major
Comment 1•8 years ago
|
||
At the point where the password is filled into the box, the web page can read it, and therefore so can you. This isn't reasonably fixable. You should make sure your machine is not used by people you don't trust when your user account is logged in, the browser is open, etc.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•