Closed Bug 1929245 Opened 6 months ago Closed 6 months ago

passwords

Categories

(Firefox for Android :: Logins, defect)

Product:
Firefox for Android
Component:
Logins
Version:
Firefox 134
Platform:
All
Android
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1928779

People

(Reporter: shalabi.arch, Unassigned)

Details

(Keywords: reporter-external)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0

Steps to reproduce:

1- Download and install Firefox for Android on a Samsung A11 device running Android 12 with One UI Core 4.1.
2- Sign in to your Firefox account to sync your data.
3- Navigate to the password section within the Firefox app.
4- When prompted, attempt to access the saved passwords.
5- Cancel the device password prompt multiple times.

Actual results:

After canceling the device password prompt multiple times, I was able to access and view all my saved passwords in clear text without having to enter my device password. This behavior raises security concerns as it allows unauthorized access to sensitive information.

Expected results:

Upon canceling the device password prompt, I should have been denied access to the saved passwords. The app should require the device password or another form of authentication to ensure that sensitive information remains secure and inaccessible without proper authorization.

Thank you for the report. This has been previously reported, so I will dupe this over there.

Status: UNCONFIRMED → RESOLVED
Closed: 6 months ago
Component: Accounts and Sync → Logins
Duplicate of bug: CVE-2024-11703
Resolution: --- → DUPLICATE
Group: mobile-core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.