Closed Bug 1851589 Opened 1 year ago Closed 1 year ago

The icon at the right of a breached account regressed into gray instead of a red color

Categories

(Firefox :: about:logins, defect)

Desktop
All
defect

Tracking

()

VERIFIED FIXED
120 Branch
Tracking Status
firefox-esr102 --- unaffected
firefox-esr115 --- unaffected
firefox117 --- unaffected
firefox118 --- wontfix
firefox119 --- verified
firefox120 --- verified

People

(Reporter: danibodea, Assigned: ssachdev)

References

(Regression)

Details

(Keywords: regression)

Attachments

(2 files)

Note

  • When the user has a saved credential that was created before the website was breached, then a warning will be displayed when loading about:logins page. The icon at the right of the account entry was red and then it changed to red. It appears to be a regression.

Found in

  • Beta v118.0b4

Affected versions

  • Nightly v119.0a1

Tested platforms

  • Affected platforms: Windows 10, Windows 11
  • Unaffected platforms: ?

Steps to reproduce

  1. Visit "about:logins".
  2. From the bottom left click on the "Create New Login" button.
  3. Add a breached site in the "Website Address" field e.g. http://artvalue.com/
    (breached list can be found here: https://monitor.firefox.com/breaches
    The breached site is added in the field)
  4. Put a random username and password in the other two fields.
  5. Click on the "Save" button.
  6. In the profile's file directory, open the logins.json file.
    e.g. Windows: C:\Users[user_name]\AppData\Roaming\Mozilla\Firefox\Profiles\b78cfd7r.test
    e.g. Mac: ~/Library/Application\ Support/Firefox/Profiles/cqr0e53v.mach/logins.json"
  7. Update the "timePasswordChanged" value for the above account to before the breach date.
    (For http://artvalue.com/ it's June 19, 2019; so the date needs to be change to any date before this; e.g. June 17, which is 2 days before the breach of artvalue.com.)
    Note: to convert the date to Timestamp, use this site.
    e.g. 1549444299000 which means Date in your timezone*: 2/6/2019.)
  8. Save the "logins.json" file.
  9. Restart the browser and visit "about:logins".

Expected result

  • In about:logins, a red warning icon is displayed for the breached account.

Actual result

  • The warning icon is gray.

Regression range

Additional notes

  • This appears to be a regression considering there are no mentions of colour in the pushlog (code changes) or the bug.

:ssachdev, since you are the author of the regressor, bug 1843861, could you take a look? Also, could you set the severity field?

For more information, please visit BugBot documentation.

Flags: needinfo?(ssachdev)
Severity: -- → S4
Assignee: nobody → ssachdev
Flags: needinfo?(ssachdev)
Pushed by ssachdev@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d0343e08d9d3 The icon at the right of a breached account regressed into gray instead of a red color r=mtigley
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 120 Branch

The patch landed in nightly and beta is affected.
:ssachdev, is this bug important enough to require an uplift?

  • If yes, please nominate the patch for beta approval.
  • If no, please set status-firefox119 to wontfix.

For more information, please visit BugBot documentation.

Flags: needinfo?(ssachdev)

Comment on attachment 9351816 [details]
Bug 1851589 - The icon at the right of a breached account regressed into gray instead of a red color r=mtigley

Beta/Release Uplift Approval Request

  • User impact if declined: If declined, the current grey breached icon may be difficult for users to notice. It is vital that they notice this icon and change their saved credentials as soon as possible.
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: Yes
  • If yes, steps to reproduce: 1. Visit "about:logins".
    2. From the bottom left click on the "Create New Login" button.
    3. Add a breached site in the "Website Address" field e.g. http://artvalue.com/
    (breached list can be found here: https://monitor.firefox.com/breaches
    The breached site is added in the field)
    4. Put a random username and password in the other two fields.
    5. Click on the "Save" button.
    6. In the profile's file directory, open the logins.json file.
    e.g. Windows: C:\Users[user_name]\AppData\Roaming\Mozilla\Firefox\Profiles\b78cfd7r.test
    e.g. Mac: ~/Library/Application\ Support/Firefox/Profiles/cqr0e53v.mach/logins.json"
    7. Update the "timePasswordChanged" value for the above account to before the breach date.
    (For http://artvalue.com/ it's June 19, 2019; so the date needs to be change to any date before this; e.g. June 17, which is 2 days before the breach of artvalue.com.)
    Note: to convert the date to Timestamp, use this site.
    e.g. 1549444299000 which means Date in your timezone*: 2/6/2019.)
    8. Save the "logins.json" file.
    9. Restart the browser and visit "about:logins".
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Not risky since it only involves some css changes. The css changes are specific to the breached password selector and hence shouldn't affect other selectors.
  • String changes made/needed:
  • Is Android affected?: Unknown
Flags: needinfo?(ssachdev)
Attachment #9351816 - Flags: approval-mozilla-beta?
Flags: qe-verify+

Comment on attachment 9351816 [details]
Bug 1851589 - The icon at the right of a breached account regressed into gray instead of a red color r=mtigley

Approved for 119.0b3

Attachment #9351816 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

This fix has been verified in Nightly v120.0a1 on Windows 10. Awaiting the release of Beta v119.0b3 to verify the uplift.

QA Whiteboard: [qa-triaged]

This fix has also been verified in Beta v119.0b3 in Windows 10.

Status: RESOLVED → VERIFIED
Flags: qe-verify+

Is that something we could uplift safely to our planned 118 dot release next week or should it ride the 119 train? Thanks

Flags: needinfo?(ssachdev)

(In reply to Pascal Chevrel:pascalc from comment #11)

Is that something we could uplift safely to our planned 118 dot release next week or should it ride the 119 train? Thanks

I think it should be okay to uplift this to 118 dot release.

Flags: needinfo?(ssachdev)

Sidharth, could you request uplift to release? :)
Thanks

Flags: needinfo?(ssachdev)

Comment on attachment 9351816 [details]
Bug 1851589 - The icon at the right of a breached account regressed into gray instead of a red color r=mtigley

Beta/Release Uplift Approval Request

  • User impact if declined: If declined, the current grey breached icon may be difficult for users to notice. It is vital that they notice this icon and change their saved credentials as soon as possible. This is especially important for release.
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: Yes
  • If yes, steps to reproduce: 1. Visit "about:logins".
  1. From the bottom left click on the "Create New Login" button.
  2. Add a breached site in the "Website Address" field e.g. http://artvalue.com/
    (breached list can be found here: https://monitor.firefox.com/breaches
    The breached site is added in the field)
  3. Put a random username and password in the other two fields.
  4. Click on the "Save" button.
  5. In the profile's file directory, open the logins.json file.
    e.g. Windows: C:\Users[user_name]\AppData\Roaming\Mozilla\Firefox\Profiles\b78cfd7r.test
    e.g. Mac: ~/Library/Application\ Support/Firefox/Profiles/cqr0e53v.mach/logins.json"
  6. Update the "timePasswordChanged" value for the above account to before the breach date.
    (For http://artvalue.com/ it's June 19, 2019; so the date needs to be change to any date before this; e.g. June 17, which is 2 days before the breach of artvalue.com.)
    Note: to convert the date to Timestamp, use this site.
    e.g. 1549444299000 which means Date in your timezone*: 2/6/2019.)
  7. Save the "logins.json" file.
  8. Restart the browser and visit "about:logins".
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Not risky since it only involves some css changes. The css changes are specific to the breached password selector and hence shouldn't affect other selectors.
  • String changes made/needed:
  • Is Android affected?: Unknown
Flags: needinfo?(ssachdev)
Attachment #9351816 - Flags: approval-mozilla-release?
Flags: qe-verify+

(In reply to Pascal Chevrel:pascalc from comment #13)

Sidharth, could you request uplift to release? :)
Thanks

Done! Let me know if anything else is needed.

The patch does not graft cleanly to the release branch.

Flags: needinfo?(ssachdev)

(In reply to Pascal Chevrel:pascalc from comment #16)

The patch does not graft cleanly to the release branch.

Could you give me some more information? What should I do in this case?

Comment on attachment 9351816 [details]
Bug 1851589 - The icon at the right of a breached account regressed into gray instead of a red color r=mtigley

Let's ship it in 119, thanks.

Attachment #9351816 - Flags: approval-mozilla-release? → approval-mozilla-release-
Flags: needinfo?(ssachdev)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: