Protect Autofill in Websites with Screen-Lock
Categories
(Firefox for Android :: Autofill, enhancement)
Tracking
()
People
(Reporter: cpeterson, Unassigned)
References
(Blocks 1 open bug)
Details
From github: https://github.com/mozilla-mobile/fenix/issues/28434.
Steps to reproduce
- log in with your FF account into FF Android
- if enabled, all usernames an passwords are synchronized ... ok
- if you now try to view the saved logins and you have a screen lock enabled in Android, FF Android prompts you to re-unlock your device ... ok
- open a website and fill out the login text boxes with your saved logins (but don't login, so don't press the corresponding button or the enter key)
Expected behaviour
If you have a screen lock enabled in Android, FF Android should prompt you to unlock your device at least once per session, before the login data is filled out. Or even better: it should ask for a master password, like it does in the desktop version of FF.
Actual behaviour
FF Android fills out the login text boxes directly. Even worse: some websites (e.g. PayPal) offer the function to view the password. In these cases, passwords can be leaked to persons, who have access to an unlocked device. These persons should not be able to login, without being prompted to re-unlock the device or to enter a master password. In my opinion, this is a potential security risk.
Device name
any Device
Android version
Android 11
Firefox release type
Firefox
Firefox version
108.1.1
Device logs
No response
Additional information
No response
┆Issue is synchronized with this Jira Task
Change performed by the Move to Bugzilla add-on.
|
Reporter | |
Updated•3 years ago
|
|
||
Updated•1 year ago
|
Description
•