Closed Bug 1871769 Opened 2 years ago Closed 1 year ago

Saved passwords are commingled across .home.arpa sites

Categories

(Toolkit :: Password Manager, defect)

Product:
Toolkit
Component:
Password Manager
Version:
Firefox 120
Type:
defect

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: Andrew, Assigned: simonf, NeedInfo)

References

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0

Steps to reproduce:

  1. Save passwords for e.g.:
    • home-assistant.home.arpa
    • jellyfin.home.arpa
    • mediawiki.home.arpa
    • pi-hole.homa.arpa
    • truenas.home.arpa
  2. Visit the login screen for one of the above.

Actual results:

The saved passwords for all sites are listed together.

Expected results:

Only the saved password for the current site should be listed. The domain .home.arpa should be treated more like .net, with subdomains not commingled.

The Bugbug bot thinks this bug should belong to the 'Toolkit::Password Manager' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Password Manager
Product: Firefox → Toolkit
See Also: → 589628

I see, from reading #589628 I think what I’m effectively reporting is that .home.arpa should be considered an eTLD.

The severity field is not set for this bug.
:serg, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(sgalich)

The Public Suffix List has just declined to add .home.arpa, so responsible handling of this falls clearly on the browser.

The PSL shall reconsider then. ;)

:dnguyen should we be storing credentials by origin instead of by site?

Flags: needinfo?(sergey.galich) → needinfo?(dnguyen)
Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Assignee: nobody → sfriedberger
You need to log in before you can comment on or make changes to this bug.