Closed Bug 1592022 Opened 6 years ago Closed 6 years ago

Credentials of other sub domain sites are shown in the parent domain

Categories

(Toolkit :: Password Manager, defect)

Product:
Toolkit
Component:
Password Manager
Version:
71 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: capitalz, Unassigned)

Details

Attachments

(1 file)

firefox-showing-all-logins.png
84.59 KB, image/png
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0

Steps to reproduce:

Trying to login to my intended site

Actual results:

It shows all the possible logins when I click on the Login field.
It shows first the credentials for the exact domain. After that, it shows all credentials for all subdomain of that site.

Expected results:

Firefox should only show credentials of the exact site, and not all of it's subdomains.

I use Firefox 71.0b4 (64-bit) on Windows 10 (Version 10.0.17763 Build 17763)

Removing security flags - it's not a security issue that's exploitable by third parties.

Group: firefox-core-security
Component: Untriaged → Password Manager
Product: Firefox → Toolkit

(In reply to CAPital Z from comment #0)

Expected results:

Firefox should only show credentials of the exact site, and not all of it's subdomains.

This is by design; in 71 we have set signon.includeOtherSubdomainsInLookup to default to true. See bug 589628 for the motivations for this feature.

Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: