Closed Bug 1339059 Opened 7 years ago Closed 2 years ago

Firefox reports that logins could be compromised for a hidden dynamic form on mylawyer.co.uk

Categories

(Toolkit :: Password Manager: Site Compatibility, defect, P5)

51 Branch
defect

RESOLVED INCOMPLETE
Tracking Status
firefox51 --- affected

People

(Reporter: matthew.bugzilla, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0
Build ID: 20170125094131

Steps to reproduce:

Open http://www.mylawyer.co.uk/


Actual results:

Firefox reports that "Logins entered on this page could be compromised" and (in the console) "Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen."


Expected results:

Firefox should not report any security issues since there is no login form on the page.

What does the JavaScript on that page do which has lines like "passwordStrengthMethod" or "usersession"?

Component: Untriaged → Password Manager: Site Compatibility
Product: Firefox → Toolkit

I'm not exactly sure, but why is that relevant? There is no login form on the page; or do you disagree?

(In reply to Matthew Kogan from comment #2)
> I'm not exactly sure, but why is that relevant? There is no login form on
> the page; or do you disagree?

A login form is created even though it's not visible:

<form id="modalForm" action="#" autocomplete="off">
    <p>Please confirm your username and select a password. Your password will be used to update sensitive account details.</p>
    <p>
        <label for="CustomerLogin">Email</label><br>
        <input class="e_modalText" id="CustomerLogin" name="CustomerLogin" placeholder="Username" type="text">
    </p>
    <p>
        <label for="NewPassword">Password</label><br>
        <input class="e_modalText" id="NewPassword" name="NewPassword" placeholder="Password" type="password">
    </p>
    <p>
        <label for="ConfirmPassword">Repeat password</label><br>
        <input class="e_modalText" id="ConfirmPassword" name="ConfirmPassword" placeholder="Repeat password" type="password">
    </p>
</form>

I think this isn't something we will fix since the login form could appear at any point after the user looks at the address bar so it's not really a bad thing.
Blocks: 1179961
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P5
Summary: Firefox reports that logins could be compromised but there is no login form → Firefox reports that logins could be compromised for a hidden dynamic form on mylawyer.co.uk
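
For site owners chasing the same warning, here is an added example (not part of the bug thread and not Firefox's detection code) that can be pasted into the devtools console to list password fields present in the DOM whether or not they are rendered, and to report ones that scripts inject later. The function names are hypothetical, and it assumes, as the comment above describes, that the presence of the field is what matters rather than its visibility.

```javascript
// Added example: console helper for site owners; not Firefox's own detection code.
// Assumption: the warning depends on a password field existing in the DOM of an
// insecure context, not on whether that field is currently rendered.
const PASSWORD_SELECTOR = 'input[type="password"]';

// Summarise one password input.
function describeField(input, secureContext) {
  return {
    field: input.id || input.name || "(unnamed)",
    form: input.form ? input.form.id || "(form without id)" : null,
    // No client rects means the element is not rendered (e.g. inside display:none).
    rendered: input.getClientRects().length > 0,
    // Presence alone counts on an insecure page; visibility is not consulted.
    insecure: !secureContext,
  };
}

// List every password input under `doc`, rendered or not.
function auditPasswordFields(doc, secureContext) {
  return Array.from(doc.querySelectorAll(PASSWORD_SELECTOR)).map((input) =>
    describeField(input, secureContext)
  );
}

// Report password fields that appear after load (script-built modal forms, or an
// input whose type is switched to "password"). Returns the observer so the caller
// can disconnect() it.
function watchForInjectedFields(doc, secureContext, report) {
  const seen = new Set(doc.querySelectorAll(PASSWORD_SELECTOR));
  const observer = new MutationObserver(() => {
    for (const input of doc.querySelectorAll(PASSWORD_SELECTOR)) {
      if (seen.has(input)) continue;
      seen.add(input);
      report(describeField(input, secureContext));
    }
  });
  observer.observe(doc, {
    childList: true, subtree: true, attributes: true, attributeFilter: ["type"],
  });
  return observer;
}

// Runs only in a browser; under Node the functions are defined but not invoked.
if (typeof document !== "undefined") {
  console.table(auditPasswordFields(document, window.isSecureContext));
  watchForInjectedFields(document, window.isSecureContext, (f) =>
    console.warn("Password field added after load:", f)
  );
}
```

A field that shows `rendered: false` and `insecure: true` matches the situation in this bug: nothing is visible to the user, yet the page still contains a password input on an http:// origin.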

Page is https now

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → INCOMPLETE