Open Bug 1902874 Opened 1 year ago Updated 1 month ago

Firefox allows Google to grab passwords on Android devices

Categories: Firefox for Android :: Autofill, defect (Firefox 125)

Tracking: UNCONFIRMED

People: Reporter: mozilla, Unassigned

References: Blocks 1 open bug

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
Firefox for Android

Steps to reproduce:

  1. Upgraded my Android device to Lineage OS with NikGapps
  2. Logged in to one of my password-protected websites

Actual results:

  1. In addition to the expected prompt for saving and remembering the password, there was another one for shipping the password off to Google...
  2. And after clicking "yes" accidentally on that prompt, I could indeed later find the affected passwords in https://passwords.google.com/

Expected results:

  1. Passwords should never be shipped to a third party.

Prompting for permission here does not really exonerate Firefox, as there is a very similar expected question around that very same time, which has a tendency to disappear too quickly, creating a sense of urgency.

Or did Google code (copied by NikGapps) somehow manage to wiggle its way into the key & click stream without Firefox's consent either?

(Version 125.3.9 of Fennec, Build #1253020)

The Bugbug bot thinks this bug should belong to the 'Toolkit::Password Manager' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Password Manager
Product: Firefox → Toolkit
Component: Password Manager → Autofill
Product: Toolkit → Fenix

Moved to Fenix, hoping the component fits.

The severity field is not set for this bug.
:matt-tighe, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(mtighe)
Flags: needinfo?(mtighe)
Severity: -- → S4
Blocks: 1990855