Closed Bug 1897351 Opened 16 days ago Closed 16 days ago

Login autofill becomes hard to distinguish between subdomains

Categories

(Toolkit :: Password Manager, defect)

Product:
Toolkit
Component:
Password Manager
Version:
Firefox 128
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
128 Branch
Tracking Flags:
Tracking Status
firefox-esr115 --- unaffected
firefox126 --- unaffected
firefox127 --- unaffected
firefox128 + fixed

People

(Reporter: lilydjwg, Assigned: enndeakin)

References

(Regression)

Details

(Keywords: regression, sec-moderate, ux-error-prevention)

Attachments

(2 files)

Which entry is my bbs account?
84.67 KB, image/png
Details
Bug 1897351, fix missing domain reference in login autofill menu, r=#credential-management-reviewers
48 bytes, text/x-phabricator-request
Details | Review

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0

Steps to reproduce:

  • get some accounts with the same username (A) across different subdomains on {bbs,wiki,bugs,aur,accounts}.archlinux.org
  • get another, different username (B) account on bbs.archlinux.org
  • try to login into bbs.archlinux.org with username A via autofill

Actual results:

A lot of entries are shown without clue which one is which.

Expected results:

A hint about which subdomain the account is associated with should be displayed (like before).

77:30.95 INFO: Last good revision: 804fa6e457c8f4811e07d5a346b5390eb14b34d5
77:30.95 INFO: First bad revision: ac7bca16ad74978e38a235a22455b0653c32553e
77:30.95 INFO: Pushlog:
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=804fa6e457c8f4811e07d5a346b5390eb14b34d5&tochange=ac7bca16ad74978e38a235a22455b0653c32553e

Status: UNCONFIRMED → NEW
status-firefox126: --- → unaffected
status-firefox127: --- → unaffected
status-firefox128: --- → affected
status-firefox-esr115: --- → unaffected
Component: Untriaged → Password Manager
Ever confirmed: true
Keywords: regression, sec-moderate, ux-error-prevention
Product: Firefox → Toolkit
Regressed by: 1886064

[Tracking Requested - why for this release]: Bad UI that invites ID and password compromise should be corrected.

tracking-firefox128: --- → ?

:enndeakin, since you are the author of the regressor, bug 1886064, could you take a look? Also, could you set the severity field?

For more information, please visit BugBot documentation.

Flags: needinfo?(enndeakin)
Assignee: nobody → enndeakin
Status: NEW → ASSIGNED
Pushed by neil@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4032b7e8db43
fix missing domain reference in login autofill menu, r=credential-management-reviewers,sgalich
tracking-firefox128: ?+
Flags: needinfo?(enndeakin) → in-testsuite+

https://hg.mozilla.org/mozilla-central/rev/4032b7e8db43

Status: ASSIGNED → RESOLVED
Closed: 16 days ago
status-firefox128: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 128 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: