Closed Bug 1508936 Opened 3 years ago Closed 3 years ago

Wrong label is shown on Windows login UI when retrieving credit card numbers


(Core :: Security: PSM, defect, P1)

65 Branch



Tracking Status
firefox64 --- disabled
firefox65 --- wontfix
firefox66 --- verified


(Reporter: hani.yacoub, Assigned: franziskus)



(Whiteboard: [webpayments-reserve])


(2 files)

[Affected versions]: 
Nightly 65.0a1 

[Affected platforms]:
Platforms: Windows 10 x64 and Windows 7 x32

- set the pref dom.payments.request.enabled to "true"
- set the pref to "US"
- make sure to have at least one Shipping Address and saved CC

[Steps to reproduce]:
1. Go to "" and click on "Buy".
2. Select any address and a Payment Method enter the CVV.
3. Click on "Pay".
4. Observe Windows Security window.

[Expected result]:
Firefox is trying to use stored credit card information. Enter password to allow this.
Firefox is trying to show credit card information. Enter password to allow this.
Messages should be displayed.

[Actual result]:
Wrong label is shown on Windows login UI when retrieving credit card numbers.
Flags: qe-verify+
QA Contact: hani.yacoub
Whiteboard: [webpayments] [triage]
Blocks: 1504268
There seems to be an encoding issue of some sort. Franziskus, can you take a look at this?
Blocks: 1498518
Component: WebPayments UI → Security: PSM
Flags: needinfo?(franziskuskiefer)
Priority: -- → P3
Product: Firefox → Core
Whiteboard: [webpayments] [triage] → [webpayments]
Whiteboard: [webpayments] → [webpayments-reserve]
Unfortunately I don't get any prompt message in the scenario described in comment 0.

But the screenshot looks like an encoding issue. The API currently takes an ACString [1], which gets converted to an nsString for Windows.
Do we know how this looks on macOS? There we keep using UTF-8. We could the narrow interface on Windows as well.

Flags: needinfo?(franziskuskiefer)
It works fine on macOS currently. 

Not sure why you don't see the prompt using the STR if you're on a recent Nightly. Does the following code snippet in the Browser Console reproduce the problem for you on Windows? Make sure = true

> await Cc[";1"].getService(Ci.nsIOSReauthenticator).asyncReauthenticateUser(Cu.import("resource://formautofill/FormAutofillHandler.jsm").reauthPasswordPromptMessage)
Flags: needinfo?(franziskuskiefer)
Looks like NS_ConvertUTF8toUTF16 isn't doing the right thing (at least not what I thought it was doing). We need to convert the string with mbstowcs to a wide char.
It only worked in the latest nightly, I had to update :|
Flags: needinfo?(franziskuskiefer)
Assignee: nobody → franziskuskiefer
Priority: P3 → P1
I don't think the problem is that NS_ConvertUTF8toUTF16 does the encoding wrong, I think the problem is that the object it returns is being destructed before the end of the line, as soon as the PromiseFlatString constructor returns; that's what my debugger is showing me, anyway. The PromiseFlatString object gets its lifetime extended by assigning it to a const&, but the NS_ConvertUTF8toUTF16 doesn't get that treatment, so it's just tossed out as a temporary after the expression is done being evaluated. I can make the bug go away by doing something like:

const nsString& utf16Prompt = NS_ConvertUTF8toUTF16(aPrompt);
const nsString& prompt = PromiseFlatString(utf16Prompt);
Just to make sure Franziskus saw comment 7.
Flags: needinfo?(franziskuskiefer)
Flags: needinfo?(franziskuskiefer)
Attachment #9027111 - Attachment description: Bug 1508936 - convert to wide char with mbstowcs for windows re-auth → Bug 1508936 - Fix conversion to wide characters in OSReauthenticator
Pushed by
Fix conversion to wide characters in OSReauthenticator r=keeler,mhowell
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66

I'm not sure how to verify this since "Windows security" window doesn't open any more.
The same thing is applied to bug 1504268 also.

Matt, is there a way how could I verify this bug?

Flags: needinfo?(MattN+bmo)

You can set the pref extensions.formautofill.reauth.enabled to true

Flags: needinfo?(MattN+bmo)

Verified as fixed on Firefox Nightly 66.0a1 (2019-01-27) on Windows 10 x 64, Windows 7 x32.

Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.