Closed Bug 223214 Opened 22 years ago Closed 20 years ago

autocomplete in forms should not be enabled for URLs that use SSL or submit to an SSL url

Categories

Product/Component: Firefox :: Address Bar (defect)

Platform: x86
OS: All
Type: defect
Priority: Not set
Severity: normal

RESOLVED DUPLICATE of bug 190700

People

(Reporter: kevin-mozilla, Assigned: bugs)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1

I like the form autocompletion feature in Firebird, but the other night it occurred to me that it might be remembering a little bit more information than most people would want it to. Tonight I accidentally had it autocomplete my credit card number when using an online store I had never used before. Presumably one could also look on disk somewhere to gather this information.

This is bad in any situation when people share the same browser. Furthermore, if someone steals my laptop, I don't want them to be able to gather my credit card information, address, etc. (maybe even social security number, if people manage their 401k and stuff like that online...). I would consider this a pretty bad security risk, IMO.

At the very least I would suggest having an option to disable autocomplete for SSL URLs, that disables by default. Doing that would break the useful feature of billing addresses being filled in using autocomplete. Perhaps you could define a set of patterns that match various kinds of sensitive numbers (credit card, SSN), and look at the name of the field you are storing the information for.

Reproducible: Always

Steps to Reproduce:
1. Go to http://www.buyolympia.com/killrockstars/Item=KRS239
2. Click on 'i want this'. You will now be at a page showing your shopping cart.
3. Click on 'Checkout'.
4. Enter a billing address and email address.
5. Click on 'Continue'.
6. Enter the first digit of a credit card number in the card # field. If you have entered a card # previously at this site or elsewhere, you should see your number conveniently pop up.

Actual Results: The credit card number appeared.

Expected Results: The credit card number should never have been stored.
Group: security
Yes, please. Can we disable storing of 16-digit numbers at a minimum?
--> Ben Confirming. I'm really not sure what we should do about this. The Firebird roadmap indicates that Ben and Brian are to undertake a security review. I would consider this to fall under the purview of such a review.
Assignee: hewitt → bugs
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
I forgot: bug 190700 is a WONTFIXed bug that one might consider a likely dupe.
hmm... seems like we should be leveraging the master password to encrypt remembered form data just like we do with passwords.
I just ran into this same bug, while visiting the johnkerry.com donations page. I really think this is a serious security problem, and just encrypting the autocomplete data with the master password is not necessarily the right solution. In my case, I don't use a master password, and I don't use password saves for anything that I consider important. My credit card info, on the other hand, is clearly important and should never have been saved in the first place. I don't have it handy, but if it would help I would be glad to dig up the specs on what a valid CC number is. Thanks, danno
PS: the johnkerry.com site does not have "autocomplete=off" in its credit card area, and apparently some previous site I used doesn't either. Depending on the websites to fix this kind of security issue (as suggested in the comments for http://bugzilla.mozilla.org/show_bug.cgi?id=201850) is the wrong way to solve this problem. The browser just should never store this information.
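The comments above propose three filters for what form history should remember: patterns for sensitive numbers (comment 0 and the "16-digit numbers" suggestion), the field name, and the site's own "autocomplete=off" attribute. The following is an added illustration of how those filters combine, written for this page; it is not Firebird/Firefox form-history code, and the function names, the field-name list and the sample values are assumptions. The card check goes slightly beyond the comments by using the Luhn checksum rather than a bare digit count, so that an arbitrary 16-digit order number is not rejected, and it adds a US SSN pattern as a second example of a sensitive-number pattern.

```javascript
// Added example (not Firefox code): decide whether a browser should
// remember a submitted form field value. All names below are assumptions.

// Luhn checksum, the check-digit scheme payment card numbers use.
// Returns true when the digit string passes.
function luhnValid(digits) {
  let sum = 0;
  let doubleIt = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (doubleIt) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    doubleIt = !doubleIt;
  }
  return sum % 10 === 0;
}

// Field names that usually hold data a user would not want remembered.
// Constructed list; a real implementation would make this an editable
// blacklist as suggested in the thread.
const SENSITIVE_NAME_RE = /(card|ccn|cvv|cvc|ssn|social|pin|passw)/i;

// Returns {store: boolean, reason: string}. `autocompleteAttr` is the
// value of the field's autocomplete attribute, or undefined if absent.
function classifyFormValue(fieldName, value, autocompleteAttr) {
  // 1. Honour the site's opt-out, but do not depend on it alone.
  if (autocompleteAttr && autocompleteAttr.toLowerCase() === "off") {
    return { store: false, reason: "autocomplete=off" };
  }
  // 2. Field-name heuristic.
  if (SENSITIVE_NAME_RE.test(fieldName)) {
    return { store: false, reason: "sensitive field name" };
  }
  // 3. Payment card pattern: 13-19 digits (spaces/dashes allowed) that
  //    pass Luhn. A 16-digit string that fails Luhn is left alone.
  const digits = value.replace(/[\s-]/g, "");
  if (/^\d{13,19}$/.test(digits) && luhnValid(digits)) {
    return { store: false, reason: "looks like a payment card number" };
  }
  // 4. US SSN pattern, dashed or bare nine digits.
  if (/^(\d{3}-\d{2}-\d{4}|\d{9})$/.test(value.trim())) {
    return { store: false, reason: "looks like a US SSN" };
  }
  return { store: true, reason: "ok" };
}

// Sample inputs (constructed; 4111 1111 1111 1111 is a well-known test number).
const samples = [
  ["email", "kevin@example.com", undefined],
  ["cardnumber", "4111 1111 1111 1111", undefined],
  ["ref", "4111 1111 1111 1111", undefined],
  ["ref", "4111111111111112", undefined],
  ["taxid", "123-45-6789", undefined],
  ["note", "hello", "off"],
];
for (const [name, value, ac] of samples) {
  const r = classifyFormValue(name, value, ac);
  console.log(`${name}=${JSON.stringify(value)} -> store=${r.store} (${r.reason})`);
}
```

The order of the checks matters: the attribute and field-name tests are cheap and catch the common case, while the Luhn test only fires on values that already look like card numbers, which keeps ordinary numeric fields (order IDs, phone numbers) in form history.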
(In reply to comment #0) It would be nice to also add a feature to remove the remembered data that you don't want. For example, add the fields "name", "firstname", "ccard" etc. to a "blacklist", and be able to edit the blacklist at any time. Also, removing some particular data would be cool: e.g. when I put some test data in a form, it is remembered forever; it would be nice to be able to delete it without clearing everything...
*** This bug has been marked as a duplicate of 190700 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE