Closed Bug 1635007 Opened 5 years ago Closed 5 years ago

Utilising the autofill functionality for information exfiltration

Categories

(Toolkit :: Form Autofill, enhancement)

Product:
Toolkit
Component:
Form Autofill
Version:
75 Branch
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1392944

People

(Reporter: panagiotis.ilia, Unassigned)

Details

Attachments

(1 file)

Disclosure_firefox.pdf
149.87 KB, application/pdf
Details
Attached file Disclosure_firefox.pdf

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36

Steps to reproduce:

Web pages can use various techniques to hide input elements in a form, in order to exfiltrate user sensitive information in a stealthy way. Also, the autofill warning message that is shown does not adequately inform the user about what information will actually be provided to the form, as it only shows the generic categories of this information. Please check the attached file for more details.

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Form Autofill
Product: Firefox → Toolkit

Thanks for the research. I will reply in bug 1392944.

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: