autocomplete in forms should not be enabled for URLs that use SSL or submit to an SSL url

RESOLVED DUPLICATE of bug 190700

Status

()

Firefox
Address Bar
RESOLVED DUPLICATE of bug 190700
15 years ago
13 years ago

People

(Reporter: Kevin George, Assigned: Ben Goodger (use ben at mozilla dot org for email))

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1

I like the form autocompletion feature in Firebird, but the other night it
occured to me that it might be remembering a little bit more information than
most people would want it to.

Tonight I accidentally had it autocomplete my credit card number when using an
online store I had never used before.

Presumably one could also look on disk somewhere to gather this information. 
This is bad in any situation when people share the same browser.  Furthermore,
if someone steals my laptop, I don't want them to be able to gather my credit
card information, address, etc (maybe even social security number, if people
manage their 401k and stuff like that online .....).

I would consider this a pretty bad security risk, IMO.  At the very least I
would suggest having an option to disable autocomplete for SSL URLs, that
disables by default.

Doing that would break the useful feature of billing addresses being filled in
using autocomplete.  Purhaps you could define a set of patterns that match
various kinds of sensitive numbers (credit card, SSN).  And look at the name of
the field you are storing the information for..  

Reproducible: Always

Steps to Reproduce:
1. Go to http://www.buyolympia.com/killrockstars/Item=KRS239
2. Click on 'i want this'.  You will now be at a page showing your shopping cart.
3. Click on 'Checkout'.
4. Enter a billing address and email address.
5. Click on 'Continue'.
6. Enter the first digit of a credit card number in the card # field.  If you
have entered a card # previously at this site or elsewhere, you should see your
number conveniently pop up..
Actual Results:  
The credit card number appeared.

Expected Results:  
The credit card number should never have been stored.

Updated

15 years ago
Group: security

Comment 1

15 years ago
Yes, please. Can we disable storing of 16-digit numbers at a minimum?

Comment 2

15 years ago
--> Ben

Confirming. I'm really not sure what we should do about this. The Firebird
roadmap indicates that Ben and Brian are to undertake a security review. I would
consider this to fall under the purview of such a review.
Assignee: hewitt → bugs
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All

Comment 3

15 years ago
I forgot: bug 190700 is a WONTFICed bug that one might consider a likely dupe.

Comment 4

15 years ago
hmm... seems like we should be leveraging the master password to encrypt
remembered form data just like we do with passwords.

Comment 5

15 years ago
I just ran into this same bug, while visiting the johnkerry.com donations page.

I really think this is a serious security problem, and just encrypting the
autocomplete data with the master password is not necessarily the right solution.

In my case, I don't use a master password - and i don't use password saves for
anything that i consider important.  

my credit card info on the other hand is clearly important and should never have
been saved in the first place.

I don't have it handy, but if it would help I would be glad to dig up the specs
on what a valid CC number is.  

thanks
danno

Comment 6

15 years ago
ps - the johnkerry.com site does not have "autocomplete=off" in its credit card
area, and apparently some previous site i used doesn't either.  Depending on the
websites to fix this kind of security issue (as suggested in the comments for
http://bugzilla.mozilla.org/show_bug.cgi?id=201850) is the wrong way to solve
this problem.  The browser just should never store this information.  

Comment 7

14 years ago
(In reply to comment #0)
It would be nice to add also a feature to remove the remembered data that you
don't want. In example add to a "blacklist" the field "name", "firstname",
"ccard" etc. and to be able to edit the blacklist all the time.
Also to remove some particular data would be cool: e.g. when I put some test
data in a form, it is remembered forever, it would be nice to be able to delete
it without clearing everything...

*** This bug has been marked as a duplicate of 190700 ***
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.