Closed Bug 207899 Opened 23 years ago Closed 23 years ago

The DOWNLOADS.RDF file stores a list of ALL FILES downloaded and in some cases SITE PASSWORDS IN PLAIN TEXT

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
VERIFIED DUPLICATE of bug 132755

People

(Reporter: mrbobhope2, Assigned: security-bugs)

Details

User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4) Gecko/20030529 Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4) Gecko/20030529 To my horror I've found that the downloads.rdf file stores a list of every file i've downloaded. Whats worse is that with some sites it also stores the fricken PASSWORDS IN PLAIN TEXT! (see below) ... <NC:URL resource="http://251200:301200@members.<site>.tv/<blahblahblah>/"/> ... To me this is more a privacy issue than security since I must be logged in order to see the downloads.rdf file but if this were a public log-in or a one user machine anyone and everyone would be able to see this data!!! It needs to be encrypted at least or better yet THERE NEEDS TO BE A FEATURE TO DUMP THAT FILE AT THE CLOSE OF THE SESSION or NOT RECORD IT AT ALL. Thanks in advance. - Bob Reproducible: Always Steps to Reproduce: 1. download a file. 2. 3. Actual Results: action listed in downloads.rdf Expected Results: either not record the event or erase it at the end of the session This bug occurs with nothing but default settings turned on. Nothing special
*** This bug has been marked as a duplicate of 132755 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
Verified
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.