Closed Bug 1268250 Opened 8 years ago Closed 8 years ago

When you save a password and go back to the page to find your password prefilled, then change the input type to "text" the password value will stay in the input and it will show. Unveiling your password.

Tracking

()

Status:

RESOLVED DUPLICATE of bug 933223

People

(Reporter: tedvanriel, Unassigned)

Details

tedvanriel

Reporter

Description

•

8 years ago

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36

Steps to reproduce:

1. Let your password be pre-filled in.
2. Open the HTML-editor
3. Change password input type to "text"


Actual results:

Password was shown on screen.


Expected results:

Password input value should be emptied or type should not be allowed to change.

tedvanriel

Reporter

Updated

•

8 years ago

Severity: normal → major

:Gijs (he/him)

Comment 1

•

8 years ago

At the point where the password is filled into the box, the web page can read it, and therefore so can you. This isn't reasonably fixable. You should make sure your machine is not used by people you don't trust when your user account is logged in, the browser is open, etc.

Group: firefox-core-security

Status: UNCONFIRMED → RESOLVED

Closed: 8 years ago

Resolution: --- → DUPLICATE

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

When you save a password and go back to the page to find your password prefilled, then change the input type to "text" the password value will stay in the input and it will show. Unveiling your password.

Categories

(Firefox :: Untriaged, defect)

Tracking

()

People

(Reporter: tedvanriel, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1