User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0 Build ID: 20160604131506 Steps to reproduce: 1. Go to www.google.com 2. Searched for "~@gmail.com" '$password' => filetype:log 3. Went to page number 7 in google search " https://www.google.com/search?q=%22~%40gmail.com%22+%27%24password%27+%3D%3E+filetype:log&biw=1366&bih=638&noj=1&ei=z4iCV6nPE9Oja82EtLAL&start=60&sa=N" 4. Found https://people.mozilla.org/~nalexander/ Actual results: Found information that are not supposed to be for public Expected results: The page should not be visible to others or password protected
Hi folks, these logs look bad 'cuz they're Android system logs, so they include a lot of noise, which in this case included my @gmail.com address and logging about Fennec's Sync PasswordProvider. This is just logging about the operation of the module and doesn't include any *actual* passwords. Firefox for Android is very careful to never leak PII to the log (you can with a special flag, but our users don't use that). (If we do, that's a serious bug. But I'm quite confident we don't, and those logs definitely don't.) Finally, I don't run Sync against my actual email account, precisely to not mix work and play in logs like this. In any case, I've deleted the logs, in case I missed something. Thanks for the report, Sami!