Closed Bug 1656646 Opened 4 years ago Closed 4 years ago

master password applied without being entered

Categories

(Toolkit :: Password Manager, defect)

Product:
Toolkit
Component:
Password Manager
Version:
79 Branch
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 702925

People

(Reporter: terauck, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0

Steps to reproduce:

I right-clicked a page in history and selected "Forget about this site". I was asked for the master password. I started to enter the master password then changed my mind and pressed 'Cancel'.

Actual results:

Firefox nevertheless 'forgot' the site as a result of which I was logged out of the site.

Expected results:

Entry of the master password (which wasn't even complete) should have been cancelled as a result of which the originally intended action should NOT have proceeded.

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Password Manager
Product: Firefox → Toolkit

Hey @watchman, thanks for filing.

The reason this happened is that "forget about this site" does a lot of stuff. It clears cookies, history, etc, but it also removes any logins saved on that site. That last action requires Primary Password authentication, but the other actions don't, so they all went through regardless of the cancel.

This is... confusing. One solution we're considering is not deleting saved logins on "forget...", which would remove the need for the Primary Password check in the first place (see recently reopened bug 702925).

As a user, would that be less surprising to you?

Flags: needinfo?(terauck-mozbugs)

Yes, if the master password wasn't requested, the issue wouldn't have occurred.

Flags: needinfo?(terauck-mozbugs)
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.