Closed
Bug 1722556
Opened 3 years ago
Closed 3 years ago
Autofill should require user action
Categories
(Toolkit :: Password Manager, enhancement)
Toolkit
Password Manager
Tracking
()
RESOLVED
DUPLICATE
of bug 1427543
Tracking | Status | |
---|---|---|
firefox92 | --- | affected |
People
(Reporter: sjw+bugzilla, Unassigned)
References
()
Details
(Keywords: sec-want, Whiteboard: [passwords:fill-ui] [passwords:heuristics] [parity-chrome] [parity-edge] [parity-safari] [parity-Vivaldi] )
If autofill is enabled (which is the default in Firefox) malicious JavaScript can steal the credentials from the login form.
Other browsers require any kind of user interaction with the site (e.g. keystroke, mouse click) to fill in the actual data. This can protect users from silently loosing their credentials in an iframe, pop-up, hidden form etc.
A detailed analysis of this behavior can be found in the linked article.
Updated•3 years ago
|
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•