When a second set of credentials is saved by logging into google, the first's set's password is saved
Categories
(Toolkit :: Password Manager: Site Compatibility, defect, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr60 | --- | unaffected |
firefox-esr68 | --- | wontfix |
firefox66 | --- | unaffected |
firefox67 | --- | unaffected |
firefox68 | --- | wontfix |
firefox70 | --- | wontfix |
firefox71 | --- | wontfix |
firefox72 | --- | wontfix |
firefox73 | --- | wontfix |
firefox74 | --- | wontfix |
firefox103 | --- | wontfix |
firefox104 | --- | wontfix |
People
(Reporter: danibodea, Assigned: serg)
References
(Depends on 1 open bug, )
Details
(Keywords: regression)
Attachments
(2 files)
Note
- When logging into Google in 2 different accounts consecutively and saving the credentials, the second set will steal the first set's password.
Affected versions
- Nightly v68.0a1
Affected platforms
- Windows 10
- Mac OS 10.13.6
- Ubuntu 16.04
Steps to reproduce
- Open Firefox with a new profile.
- Reach: https://www.google.com/
- Click on the "Sign in" button.
- Input any email for of a string and tap ENTER.
- Input any string as a password and tab ENTER.
At this point: The pop-up to save the credential set is displayed; Confirm it. - Click on the email to go back and log with another email.
- Input another email form and tap ENTER.
Expected result
- The pop-up to save the credentials should only be displayed after the password is inputted.
Actual result
- The pop-up to save the second set of credentials is already displayed, before even inputting the second password. The password string is stolen from the first saved credentials set.
Steps to reproduce PART2
8. Click "Save" to save the second credential set (with the wrong password).
9. Input any string as the second password and tap ENTER.
10. The pop-up to update the second set of credential with the correct password is displayed.
Regression range
- This appears to be a recent regression because it does not occur on the Release version v66.0.2;
- The mozregression gave out the "Unable do bisect" error, but the mozregression log should be enough to determine the regressor. The log is attached.
- This issue also occurs in the case of logging in to the Yahoo.com:
https://login.yahoo.com/config/login?.src=fpctx&.intl=ro&.lang=ro-RO&.done=https%3A%2F%2Fro.yahoo.com
and most probably to any site that has the usermane/email field and the password field on different pages.
Comment 1•5 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=88033151&tochange=1d783ed6
I think is is a side-effect of bug 1287202 that we'll probably have to live with as we have no idea that the password isn't the matching one. This also seems like an edge case.
Updated•5 years ago
|
Updated•5 years ago
|
Comment 3•5 years ago
|
||
Updating the affected flags. Reproducible on latest Beta 70.0b8 (64-bit) and Nightly71 on Windows 10 x64.
Note that this is reproducible only when there is 1 set of credentials saved.
As per the spec, when there is only 1 set of credentials saved for a site, the fields will be pre-filled with the info.
If there are multiple credentials saved for google.com, the password won't be filled on the second page due to the autofill dropdown which will appear instantly and allow the user to select a password.
Comment 4•5 years ago
|
||
Bugbug thinks this bug is a regression, but please revert this change in case of error.
Comment 5•5 years ago
|
||
Matt, is this something you intend to address in the future?
Comment 6•5 years ago
|
||
Possibly, depending on the feedback we get in Beta and Release
Comment 7•5 years ago
|
||
(In reply to Matthew N. [:MattN] (PM me if requests are blocking you) from comment #6)
Possibly, depending on the feedback we get in Beta and Release
Did you get the feedback your expected over the last month? Should we care about it for 71? Thanks
Comment 8•5 years ago
|
||
I haven't seen any user complaints about this so I don't think it's a pressing issue.
Comment 9•4 years ago
|
||
I am still concerned about this and will update the affected flags. Attached the current behavior.
Updated•4 years ago
|
Updated•4 years ago
|
Updated•4 years ago
|
Comment 10•3 years ago
|
||
QA is tracking and requesting progress on this one. Lets re-triage.
Updated•3 years ago
|
Updated•3 years ago
|
Comment 12•2 years ago
|
||
This seems similar to https://bugzilla.mozilla.org/show_bug.cgi?id=1600397 not sure if they're related ?
Assignee | ||
Updated•2 years ago
|
Reporter | ||
Updated•2 years ago
|
Updated•2 years ago
|
Updated•2 years ago
|
Description
•