Created attachment 8900249 [details] pass_bug.jpg User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0 Build ID: 20170628075643 Steps to reproduce: After entering an email id in the email field of a site., when the autofill pops up choose the corresponding email ID and the password gets autofilled. Then type in an extra character and sign up using the incorrect password. The save password option pops up and there click on show password option. Actual results: The actual saved password can be seen then with the extra incorrect character. This way anyone using the same machine can find out another user's password. Expected results: The old password should not be visible.
This is an expected part of how saved passwords work, and there is no reasonable solution to this problem. Saved passwords are also accessible in the preferences and using the developer tools. The long and short of it is: don't give someone you don't trust access to a running instance of Firefox (or Chrome, or Edge, or ...) that knows your password(s). If you share the machine with people you wouldn't want to have access to your passwords or accounts, use separate OS user accounts and do not leave your machine unattended at any time.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 months ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.