Closed Bug 240705 Opened 21 years ago Closed 20 years ago

Pass manager fills form when it should not.

Categories

(SeaMonkey :: Passwords & Permissions, defect)

x86
Linux
defect
Not set
major

Tracking

(Not tracked)

RESOLVED EXPIRED

People

(Reporter: z-mozilla, Assigned: dveditz)

Details

(Whiteboard: [sg:nse])

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040124
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040124

Password manager fills a form which it should not fill. It does that whenever it sees <input type="password">, no matter what the name of that input is, and even though the path part of the URL is different. I imagine this bug could possibly be used to extract passwords.

Reproducible: Always

Steps to Reproduce:
1. Go to http://kenny.mimuw.edu.pl/~bart/mozilla.bug.html and fill it in.
2. Click submit -- choose save password "no".
3. Everything is fine now.
4. Go to http://kenny.mimuw.edu.pl/~bart/mozilla.bug.html and fill it in again.
5. Click submit -- this time choose save password "yes".
6. Note that values on the mozilla.bug.2.html page have been altered.

Actual Results: Values in the form have been altered.

Expected Results: Values in the form should not be altered, just as it works when you do not save the password.
*** Bug 240699 has been marked as a duplicate of this bug. ***
For better or worse, Mozilla's password manager is designed to work at the host level on the theory that popular sites allow logins from different pages. I believe Firefox's password autocomplete works per-page and Firefox is the future direction.

removing security flag, known behavior and risk
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → WONTFIX
Whiteboard: [sg:nse]
(In reply to comment #2)
> For better or worse, Mozilla's password manager is designed to work at the host
> level on the theory that popular sites allow logins from different pages.

So if you have saved a password for http://somehost/~joeuser/ it's going to be sent to http://somehost/~evilhacker/?
Yes.

As a thought experiment: Given some way to get users to go to http://somehost/~hacker (which your worry presupposes) the hacker's site could, upon your leaving, actually load a frameset consisting of an invisible bit containing your intended destination. Should you ever surf back to http://somehost/~joeuser, code in the hacker's frame has full access to the DOM of the joeuser page and can steal your login as you enter it.

Browser security--in IE as well as Mozilla, and Netscape before them both--is primarily host oriented: cookies, DOM/js, SSL, etc.
> Browser security--in IE as well as Mozilla, and Netscape before them both--is
> primarily host oriented: cookies, DOM/js, SSL, etc

OK, let's drop the security issue. Still, it is a major annoyance when password manager fills in a form which is not a login form only because there's a password input in it. PSM should at least check if the form's and input's name/id are the same.

The example I've created is a simplified version of a real system, in which you'd first log in (as an admin), and then edit some Joe User's account data. Well -- you just can't change Joe's password, because it gets overwritten by password manager. So does his login.

Maybe it's not a security bug, but it's still a major bug.
Status: RESOLVED → UNCONFIRMED
Resolution: WONTFIX → ---
Product: Browser → Seamonkey
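The two fill policies discussed in the comments above, side by side, as an added example that is not part of the original bug report and is not SeaMonkey or Firefox code: host-level matching as described in the thread, and a narrower check on path and field names along the lines the reporter asks for. The saved-login record, form descriptions, and function names are assumptions made for illustration; as the thread notes, the narrower check prevents wrong-form fills but does not create a security boundary inside one host.

```javascript
// Added illustration, not SeaMonkey or Firefox source. All values are constructed.
const savedLogin = {
  origin: "http://somehost",      // scheme + host + port where the login was saved
  path: "/~joeuser/login.html",   // page the login was saved from
  userField: "login",             // name of the username input at save time
  passField: "pass",              // name of the password input at save time
};

// Host-level policy as described in the thread: same host plus any password input.
function hostLevelMatch(login, pageUrl, form) {
  return new URL(pageUrl).origin === login.origin &&
    form.some((f) => f.type === "password");
}

// Directory of a path, e.g. "/~joeuser/login.html" -> "/~joeuser/".
function dirOf(path) {
  return path.slice(0, path.lastIndexOf("/") + 1);
}

// Narrower policy: same origin, page inside the saved directory, and the
// form carries the same field names that were recorded when saving.
function scopedMatch(login, pageUrl, form) {
  const url = new URL(pageUrl); // the URL parser resolves "." and ".." segments
  if (url.origin !== login.origin) return false;
  if (!url.pathname.startsWith(dirOf(login.path))) return false;
  const has = (type, name) => form.some((f) => f.type === type && f.name === name);
  return has("text", login.userField) && has("password", login.passField);
}

// Evaluate both policies for one page so the difference is visible.
function decide(pageUrl, form) {
  return {
    hostLevel: hostLevelMatch(savedLogin, pageUrl, form),
    scoped: scopedMatch(savedLogin, pageUrl, form),
  };
}

// Constructed forms: the original login form and an admin "edit user" form.
const loginForm = [{ type: "text", name: "login" }, { type: "password", name: "pass" }];
const adminEditForm = [{ type: "text", name: "joe_login" }, { type: "password", name: "joe_new_pass" }];

console.log(decide("http://somehost/~joeuser/login.html", loginForm));
console.log(decide("http://somehost/~evilhacker/", loginForm));
console.log(decide("http://somehost/~joeuser/edit.html", adminEditForm));
```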
It sounds like you're talking about bug 112260
This is an automated message, with ID "auto-resolve01".

This bug has had no comments for a long time. Statistically, we have found that bug reports that have not been confirmed by a second user after three months are highly unlikely to be the source of a fix to the code.

While your input is very important to us, our resources are limited and so we are asking for your help in focussing our efforts. If you can still reproduce this problem in the latest version of the product (see below for how to obtain a copy) or, for feature requests, if it's not present in the latest version and you still believe we should implement it, please visit the URL of this bug (given at the top of this mail) and add a comment to that effect, giving more reproduction information if you have it.

If it is not a problem any longer, you need take no action. If this bug is not changed in any way in the next two weeks, it will be automatically resolved. Thank you for your help in this matter.

The latest beta releases can be obtained from:
Firefox: http://www.mozilla.org/projects/firefox/
Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html
Seamonkey: http://www.mozilla.org/projects/seamonkey/
This bug has been automatically resolved after a period of inactivity (see above comment). If anyone thinks this is incorrect, they should feel free to reopen it.
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago → 20 years ago
Resolution: --- → EXPIRED