Open Bug 1866509 Opened 1 year ago

Clear out form_action_origin and http_realm when deleting logins

Tracking

(Not tracked)

Status:

NEW

People

(Reporter: markh, Unassigned)

Details

Mark Hammond [:markh] [:mhammond]

Reporter

Description

•

1 year ago

From github: https://github.com/mozilla/application-services/issues/4573.

In the LoginsDb.delete() method, we clear our all sensitive fields..

Origin is considered one of the sensitive fields, I think that should mean that form_action_origin and http_realm should also be sensitive, since both could be used to identify the site the login was saved for.

┆Issue is synchronized with this Jira Task
┆Sprint End Date: 2021-10-29

Change performed by the Move to Bugzilla add-on.

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Clear out form_action_origin and http_realm when deleting logins

Categories

(Application Services :: Logins, enhancement, P3)

Tracking

(Not tracked)

People

(Reporter: markh, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description