The icon at the right of a breached account regressed into gray instead of a red color
Categories
(Firefox :: about:logins, defect)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr102 | --- | unaffected |
firefox-esr115 | --- | unaffected |
firefox117 | --- | unaffected |
firefox118 | --- | wontfix |
firefox119 | --- | verified |
firefox120 | --- | verified |
People
(Reporter: danibodea, Assigned: ssachdev)
References
(Regression)
Details
(Keywords: regression)
Attachments
(2 files)
31.51 KB,
image/png
|
Details | |
48 bytes,
text/x-phabricator-request
|
diannaS
:
approval-mozilla-beta+
pascalc
:
approval-mozilla-release-
|
Details | Review |
Note
- When the user has a saved credential that was created before the website was breached, then a warning will be displayed when loading about:logins page. The icon at the right of the account entry was red and then it changed to red. It appears to be a regression.
Found in
- Beta v118.0b4
Affected versions
- Nightly v119.0a1
Tested platforms
- Affected platforms: Windows 10, Windows 11
- Unaffected platforms: ?
Steps to reproduce
- Visit "about:logins".
- From the bottom left click on the "Create New Login" button.
- Add a breached site in the "Website Address" field e.g. http://artvalue.com/
(breached list can be found here: https://monitor.firefox.com/breaches
The breached site is added in the field) - Put a random username and password in the other two fields.
- Click on the "Save" button.
- In the profile's file directory, open the logins.json file.
e.g. Windows: C:\Users[user_name]\AppData\Roaming\Mozilla\Firefox\Profiles\b78cfd7r.test
e.g. Mac: ~/Library/Application\ Support/Firefox/Profiles/cqr0e53v.mach/logins.json" - Update the "timePasswordChanged" value for the above account to before the breach date.
(For http://artvalue.com/ it's June 19, 2019; so the date needs to be change to any date before this; e.g. June 17, which is 2 days before the breach of artvalue.com.)
Note: to convert the date to Timestamp, use this site.
e.g. 1549444299000 which means Date in your timezone*: 2/6/2019.) - Save the "logins.json" file.
- Restart the browser and visit "about:logins".
Expected result
- In about:logins, a red warning icon is displayed for the breached account.
Actual result
- The warning icon is gray.
Regression range
- First bad: Tested autoland build: 02894ef3 (verdict: b)
- Last good: Tested autoland build: 3f792086 (verdict: g)
- Pushlog: https://hg.mozilla.org/mozilla-central/rev/02894ef3b6a8
- Potentially regressed by: bug 1843861
Additional notes
- This appears to be a regression considering there are no mentions of colour in the pushlog (code changes) or the bug.
Comment 1•1 year ago
|
||
:ssachdev, since you are the author of the regressor, bug 1843861, could you take a look? Also, could you set the severity field?
For more information, please visit BugBot documentation.
Reporter | ||
Updated•1 year ago
|
Updated•1 year ago
|
Assignee | ||
Updated•1 year ago
|
Assignee | ||
Comment 2•1 year ago
|
||
Comment 4•1 year ago
|
||
bugherder |
Comment 5•1 year ago
|
||
The patch landed in nightly and beta is affected.
:ssachdev, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- If no, please set
status-firefox119
towontfix
.
For more information, please visit BugBot documentation.
Assignee | ||
Comment 6•1 year ago
|
||
Comment on attachment 9351816 [details]
Bug 1851589 - The icon at the right of a breached account regressed into gray instead of a red color r=mtigley
Beta/Release Uplift Approval Request
- User impact if declined: If declined, the current grey breached icon may be difficult for users to notice. It is vital that they notice this icon and change their saved credentials as soon as possible.
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: Yes
- If yes, steps to reproduce: 1. Visit "about:logins".
2. From the bottom left click on the "Create New Login" button.
3. Add a breached site in the "Website Address" field e.g. http://artvalue.com/
(breached list can be found here: https://monitor.firefox.com/breaches
The breached site is added in the field)
4. Put a random username and password in the other two fields.
5. Click on the "Save" button.
6. In the profile's file directory, open the logins.json file.
e.g. Windows: C:\Users[user_name]\AppData\Roaming\Mozilla\Firefox\Profiles\b78cfd7r.test
e.g. Mac: ~/Library/Application\ Support/Firefox/Profiles/cqr0e53v.mach/logins.json"
7. Update the "timePasswordChanged" value for the above account to before the breach date.
(For http://artvalue.com/ it's June 19, 2019; so the date needs to be change to any date before this; e.g. June 17, which is 2 days before the breach of artvalue.com.)
Note: to convert the date to Timestamp, use this site.
e.g. 1549444299000 which means Date in your timezone*: 2/6/2019.)
8. Save the "logins.json" file.
9. Restart the browser and visit "about:logins". - List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Not risky since it only involves some css changes. The css changes are specific to the breached password selector and hence shouldn't affect other selectors.
- String changes made/needed:
- Is Android affected?: Unknown
Assignee | ||
Updated•1 year ago
|
Comment 7•1 year ago
|
||
Comment on attachment 9351816 [details]
Bug 1851589 - The icon at the right of a breached account regressed into gray instead of a red color r=mtigley
Approved for 119.0b3
Updated•1 year ago
|
Reporter | ||
Comment 9•1 year ago
|
||
This fix has been verified in Nightly v120.0a1 on Windows 10. Awaiting the release of Beta v119.0b3 to verify the uplift.
Updated•1 year ago
|
Reporter | ||
Comment 10•1 year ago
|
||
This fix has also been verified in Beta v119.0b3 in Windows 10.
Comment 11•1 year ago
|
||
Is that something we could uplift safely to our planned 118 dot release next week or should it ride the 119 train? Thanks
Assignee | ||
Comment 12•1 year ago
|
||
(In reply to Pascal Chevrel:pascalc from comment #11)
Is that something we could uplift safely to our planned 118 dot release next week or should it ride the 119 train? Thanks
I think it should be okay to uplift this to 118 dot release.
Comment 13•1 year ago
|
||
Sidharth, could you request uplift to release? :)
Thanks
Assignee | ||
Comment 14•1 year ago
|
||
Comment on attachment 9351816 [details]
Bug 1851589 - The icon at the right of a breached account regressed into gray instead of a red color r=mtigley
Beta/Release Uplift Approval Request
- User impact if declined: If declined, the current grey breached icon may be difficult for users to notice. It is vital that they notice this icon and change their saved credentials as soon as possible. This is especially important for release.
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: Yes
- If yes, steps to reproduce: 1. Visit "about:logins".
- From the bottom left click on the "Create New Login" button.
- Add a breached site in the "Website Address" field e.g. http://artvalue.com/
(breached list can be found here: https://monitor.firefox.com/breaches
The breached site is added in the field) - Put a random username and password in the other two fields.
- Click on the "Save" button.
- In the profile's file directory, open the logins.json file.
e.g. Windows: C:\Users[user_name]\AppData\Roaming\Mozilla\Firefox\Profiles\b78cfd7r.test
e.g. Mac: ~/Library/Application\ Support/Firefox/Profiles/cqr0e53v.mach/logins.json" - Update the "timePasswordChanged" value for the above account to before the breach date.
(For http://artvalue.com/ it's June 19, 2019; so the date needs to be change to any date before this; e.g. June 17, which is 2 days before the breach of artvalue.com.)
Note: to convert the date to Timestamp, use this site.
e.g. 1549444299000 which means Date in your timezone*: 2/6/2019.) - Save the "logins.json" file.
- Restart the browser and visit "about:logins".
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Not risky since it only involves some css changes. The css changes are specific to the breached password selector and hence shouldn't affect other selectors.
- String changes made/needed:
- Is Android affected?: Unknown
Assignee | ||
Updated•1 year ago
|
Assignee | ||
Comment 15•1 year ago
|
||
(In reply to Pascal Chevrel:pascalc from comment #13)
Sidharth, could you request uplift to release? :)
Thanks
Done! Let me know if anything else is needed.
Comment 16•1 year ago
|
||
The patch does not graft cleanly to the release branch.
Assignee | ||
Comment 17•1 year ago
|
||
(In reply to Pascal Chevrel:pascalc from comment #16)
The patch does not graft cleanly to the release branch.
Could you give me some more information? What should I do in this case?
Comment 18•1 year ago
|
||
Comment on attachment 9351816 [details]
Bug 1851589 - The icon at the right of a breached account regressed into gray instead of a red color r=mtigley
Let's ship it in 119, thanks.
Updated•1 year ago
|
Assignee | ||
Updated•1 year ago
|
Description
•