Remove logging of credit card profile in Form Autofill
Categories
(Toolkit :: Form Autofill, defect, P1)
Tracking
()
People
(Reporter: tgiles, Assigned: tgiles)
Details
(Keywords: sec-low, Whiteboard: [post-critsmash-triage][adv-main99-])
Attachments
(1 file)
There are places where, when debug logging is enabled in form autofill, we will log the credit card profile in the browser console. We don't need this logging and so we should remove it to prevent exposing user data.
Comment 1•2 years ago
|
||
We should also give another look at logins and addresses.
Comment 2•2 years ago
|
||
potential attack:
- attacker has access to unlocked victim's system
- attacker flips debug loggin on (no auth/biometrics required)
- victim use credit card autofill (logs are generated). This step can be protected with auth/biometrics, so victim gets the impression that everything is safe.
- attacker grabs sensitive data from logs (no auth required)
Assignee | ||
Comment 3•2 years ago
|
||
Comment 4•2 years ago
|
||
Landed: https://hg.mozilla.org/integration/autoland/rev/690addca2aaa2015452c47c0dada2412553fd634
Backout link: https://hg.mozilla.org/integration/autoland/rev/90690583e93d3d6616108a40de38b66c4e0ef973
Push with failures: https://treeherder.mozilla.org/jobs?repo=autoland&resultStatus=pending%2Crunning%2Csuccess%2Ctestfailed%2Cbusted%2Cexception%2Crunnable&searchStr=linux%2C18.04%2Cx64%2Cwebrender%2Cdebug%2Cxpcshell%2Ctests%2Ctest-linux1804-64-qr%2Fdebug-xpcshell-e10s%2Cx6&revision=690addca2aaa2015452c47c0dada2412553fd634&selectedTaskRun=HIEf9mKcTISr0OC20Cs3Vg.0
Link to failure logs :
https://treeherder.mozilla.org/logviewer?job_id=367076420&repo=autoland&lineNumber=2380
https://treeherder.mozilla.org/logviewer?job_id=367077432&repo=autoland&lineNumber=1654
Updated•2 years ago
|
Comment 5•2 years ago
|
||
Remove unneeded logging. r=sgalich,dimi
https://hg.mozilla.org/integration/autoland/rev/65aeb7b5bf11ab9b04157c040329893e76504e25
https://hg.mozilla.org/mozilla-central/rev/65aeb7b5bf11
Comment 6•2 years ago
|
||
Hi Tim, how far back does this issue go? Also, can you please suggest a severity rating for this bug?
https://wiki.mozilla.org/Security_Severity_Ratings/Client
Comment 7•2 years ago
|
||
We'd suggest sec-low because attack requires physical access to the victims system.
Updated•2 years ago
|
Assignee | ||
Comment 8•2 years ago
|
||
I can't find all the instances of when these lines first appeared since files have been renamed since the lines originally landed and all that (I'm sure there's a git way to find this information but I don't know how to)...but it looks like these kind of logs have been around for 4+ years. For example, in Bug 1339731, we can see one of these logs already existed before the review.
I'm seconding Serg's suggestion of sec-low.
Comment 9•2 years ago
|
||
The patch landed in nightly and beta is affected.
:tgiles, is this bug important enough to require an uplift?
If not please set status_beta
to wontfix
.
For more information, please visit auto_nag documentation.
Assignee | ||
Updated•2 years ago
|
Updated•2 years ago
|
Updated•2 years ago
|
Updated•2 years ago
|
Description
•