Closed Bug 1325392 Opened 8 years ago Closed 8 years ago

multiple accounts sync exposes a security risk

Categories

(Firefox for iOS :: General, defect)

Product:
Firefox for iOS
Component:
General
Platform:
Other
iOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1292565

People

(Reporter: iamsanga7, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/602.3.12 (KHTML, like Gecko) Version/10.0.2 Safari/602.3.12

Steps to reproduce:

1. Log in to Firefox Account 1 with saved logins
2. Save / sync logins on device
3. Log out of Firefox Account 1
4. Log in with another Firefox Account 2 with saved logins



Actual results:

1) Logins are merged. This scenario can be a possible security risk considering that the logins can be transferred to a unwanted account when Passcode or Touch ID is set On just by logging in / out action.  



Expected results:

1. - The password should be requested when logging out of account 1 in case of someone wanting to intentionally transfers the logins to another account. 
 
2. - After logging out of account 1 and logging in with account 2 a prompt message should be displayed informing the user that the existing logins are merged with the ones existing on account 2. If the user wishes to continue this action then the logins password should be request (in the event that) if not the logins on the device should be deleted and logging in to account 2 should proceed.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.