Closed
Bug 1626535
Opened 5 years ago
Closed 5 years ago
The vulnerable logins are sometimes not marked as vulnerable after syncing logins or adding outside about:logins without refreshing the page
Categories
(Firefox :: about:logins, defect, P1)
Tracking
()
VERIFIED
FIXED
Firefox 76
| Tracking | Status | |
|---|---|---|
| firefox76 | --- | verified |
People
(Reporter: srosu, Assigned: jaws)
References
(Blocks 1 open bug)
Details
Attachments
(2 files)
VulnerablePasswordNotRecognized_Sync.gif
[Affected versions]:
- Nightly 76.0a1 (Build ID: 20200331225823)
[Affected Platforms]:
- Windows 10 x64
- Mac 10.14.6
- Ubuntu 18.04 x64
[Prerequisites]:
- Have a Firefox Account with at least 2 saved logins, one breached and another one vulnerable. (the vulnerable login must be without username)
[Steps to reproduce]:
- Open the Firefox browser.
- Navigate to the “about:logins” page.
- Click the “Sign in to Sync” button and log in with the Firefox Account from prerequisites.
- Switch back to the “Logins & Passwords” tab.
- Observe the vulnerable login without the username.
[Expected result]:
- The login is marked as vulnerable.
[Actual result]:
- The key icon and notification are not displayed.
[Notes]:
- This issue is not reproducible for the breached logins without a username.
- Attached a screen recording with the issue.
|
Assignee | |
Updated•5 years ago
|
Assignee: nobody → jaws
Status: NEW → ASSIGNED
Flags: needinfo?(jaws)
|
|
Assignee | |
Updated•5 years ago
|
Priority: -- → P1
|
|
Assignee | |
Updated•5 years ago
|
Flags: qe-verify+
|
|
Assignee | |
Comment 2•5 years ago
|
||
|
|
Assignee | |
Comment 3•5 years ago
|
||
When a user signs in to their Firefox Account and logins are synced, the "addLogin" notification is sent to all observers and logins are added one at a time to about:logins. This is the same behavior as having two separate windows open to about:logins and adding a login manually in one window and checking that the login is added in the other window.
After investigating this bug, I found two issues:
- When a login is added in window A, the login will appear in window B and is not always marked as "vulnerable" in the login-list. This is easier to reproduce when the user has many logins (over 400), though it can still happen when the user has few logins (less than 10).
- Also, in window B the login will not get sorted up to the top with the other alerts. It should appear beneath any breached logins and before logins that are neither breached or vulnerable.
I was unable to find any association with logins that lack a username.
Pushed by jwein@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c526677e5ffb
Update the vulnerable and breached maps before adding the new login to the page. r=sfoster
|
||
Updated•5 years ago
|
Summary: The vulnerable logins without username are not marked as vulnerable after syncing logins without refreshing the page → The vulnerable logins are sometimes not marked as vulnerable after syncing logins or adding outside about:logins without refreshing the page
|
||
Comment 5•5 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 76
|
||
Comment 6•5 years ago
|
||
This issue is Verified as fixed in our latest Nightly build 76.0a1 (2020-04-06) on Windows 10, Ubuntu 18.04 and Mac Osx 10.15.
You need to log in
before you can comment on or make changes to this bug.
Description
•