Closed Bug 192986 Opened 22 years ago Closed 22 years ago

Javascript can force display of secret password

Categories

(Firefox :: General, defect)

All
Windows 2000
defect
Not set
major

RESOLVED DUPLICATE of bug 184436

People

(Reporter: ts, Assigned: bugzilla)

Details

(Whiteboard: [sg:dupe])

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021207 Phoenix/0.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021207 Phoenix/0.5

When using a Mozilla-based browser (I only use Phoenix), a JavaScript such as this:

<script language="JavaScript">
function DoBug(theform) {
  thetext = prompt("Some prompt",'');
  theform.abox.value = "This is your password: "+ thetext;
}
</script>

can display my well-kept password.

If using Internet Explorer it will prompt for input and display the input, but in Phoenix it will for some reason display my proxy/router/school password, which I only use for these few things.

This password is saved in my password manager, so I figure that it might come from there; however, I have no idea why it is THIS password. I use the username "admin" on my router, could this be the reason?

This problem is normal on all forums that use the common EzCode (such as phpBB, vBulletin etc.) and thereby also use the prompt() function.

I have reproduced this bug on all my Phoenix machines (Linux, Windows 2000, same build).

Reproducible: Always

Steps to Reproduce:
1. Go to the URL
2. Click the button
3. Watch the password

Actual Results: My well-kept password was displayed

Expected Results: A popup prompt
Can also be produced by going to "JavaScript Console" and typing

window.prompt("Enter something", "");

Does Mozilla not support JavaScript prompts in any way?
Fixed, get a newer version of Phoenix.

*** This bug has been marked as a duplicate of 184436 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Group: security
Whiteboard: [sg:dupe]