Open Bug 1862766 Opened 2 years ago Updated 1 month ago

Pressing Enter in primary password dialog

Categories

(Toolkit :: Password Manager, defect, P3)

Product:
Toolkit
Component:
Password Manager
Version:
Firefox 119
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: nangelop, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0

Steps to reproduce:

After loading FF, i opened the login page of a Synology NAS (DiskStation Manager v7.1.1). This page shows the username field only, and after typing it, you have to press Enter or an on-screen arrow in order to display the password field in the next screen.

I have accessed this page again in the past and stored the username and password in FF's password manager. The password Manager is protected by a Primary Password (PP).

When the page loaded, the username field was pre-filled (either from the password manager or perhaps a cookie). At the same time, the window prompting me to enter the PP was shown. I typed it.

Actual results:

After typing the PP, i pressed Enter. At that point, the password was accepted and the PP window closed, but the Enter was also passed to the underlying web page, which proceeded and showed the password field screen.

Expected results:

After pressing Enter in the PP window, i expected to return to the page and have to either press Enter myself (a second time) or press the arrow button to go to the next screen (with the password field).

It's a minor inconvenience (or rather convenience, depends how you see it), but i don't know if there are perhaps any security implications by unintentionally passing a keystroke intended for another window into a web page.

When the page loaded, the username field was pre-filled (either from the password manager or perhaps a cookie). At the same time, the window prompting me to enter the PP was shown. I typed it.

To be precise, the username was not pre-filled. When i entered the correct PP and pressed Enter, it was then filled and after that, the screen was automatically proceeded to the Password-field one.

This behavior does not happen when at the PP window, instead of pressing Enter, i click the "Sign in" button. In this case, it stays in the User Name screen.

The Bugbug bot thinks this bug should belong to the 'Toolkit::Password Manager' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Password Manager
Product: Firefox → Toolkit

The severity field is not set for this bug.
:serg, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(sgalich)
Blocks: primary-password
Severity: -- → S3
Flags: needinfo?(sgalich)
Priority: -- → P3
No longer blocks: masterpassword
You need to log in before you can comment on or make changes to this bug.