Open Bug 1924503 Opened 1 year ago Updated 4 hours ago

The save password doorhanger should default to not showing the password

Categories

(Toolkit :: Password Manager, defect, P2)

Product:
Toolkit
Component:
Password Manager
Version:
Firefox 133
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox133 --- affected

People

(Reporter: bj, Unassigned)

Details

(Keywords: nightly-community)

I created a new account and the save password doorhanger popped up showing my password. That was a shock, and would have been terrible if I had been in a public area where someone could be watching me.

Steps to reproduce:

  1. Create a new account on a web site.
  2. On the save password doorhanger click to display the password.
  3. Create another new account.

Expected:
3) The save password doorhanger doesn't show the password when it opens.

Actual:
3) The save password doorhanger showed my password.

Is this only about the generated password or a password you are typing?

I think I can only reproduce it with the former. Which is still wrong but at least the password is high entropy and does not apply to other accounts.

I just reproduced the issue with typed passwords. I logged in as an admin to the cpanel website for a domain I managed. I created two new users with typed passwords. For the first the Firefox saved password doorhanger appeared and I clicked to display the password, but then didn't actually save the password. For the second account creation the doorhanger appeared with the typed password initially visible.

I don't remember what site I created passwords on when I first reported this issue, and I don't remember if I actually saved the first password or just looked at it.

(I tried to test whether saving the password makes a difference by saving the password when I created a third account. But after that the doorhanger didn't appear when I created fourth and fifth accounts. That seems like a different bug -- I will try to reproduce that to submit a separate bug report.)

I went back and deleted the saved password and then 1) the doorhanger did appear, and 2) the password to save was still initially visible.

It appears that the doorhanger doesn't appear if there is already a saved password for the domain. Bug 1942467 filed.

Thanks for the report! We were able to reproduce the issue and will investigate further.

Severity: -- → S3
Priority: -- → P2
You need to log in before you can comment on or make changes to this bug.