Closed
Bug 262705
Opened 20 years ago
Closed 20 years ago
Firefox Stores Credit Card Number
Categories
(Toolkit :: Form Manager, defect)
Tracking
()
VERIFIED
DUPLICATE
of bug 188285
People
(Reporter: mozilla, Assigned: bugs)
Details
Firefox's feature to remember form fields stores credit card numbers. All
someone has to do to steal credit card information is sit down at my PC with
Firefox and type the first number of a credit card into a credit card field.
Perhaps the only option is to turn off autocomplete for forms completely, but it
doesn't seem right to have to turn that whole feature off just to avoid this.
|
||
Comment 1•20 years ago
|
||
This feature relies on the fact that no one has access to your computer. If
you're letting other people use your computer then maybe it isn't the best
option for you. If you don't want that to happen, either turn off password
remembering or delete that specific entry manually.
I would call this INVALID.
|
Reporter | |
Comment 2•20 years ago
|
||
If Firefox's security model is based on some sort of physical perimeter around
the user's computer then Firefox's security model needs to be re-evaluated. When
a gaping security hole can be addressed by a simple change in the software, and
is not, it's the software's fault - always. If someone who writes software does
not like the responsibility of writing secure software, perhaps Microsoft has a
position open for them.
I would suggest that Firefox doesn't cache SSL pages by default for this very
reason. Perhaps not storing form information from SSL pages would be prudent for
the same reasons.
|
||
Comment 3•20 years ago
|
||
*** This bug has been marked as a duplicate of 188285 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
|
||
Comment 4•20 years ago
|
||
(In reply to comment #2)
It makes sense. I would recommend that you file another bug under Mozilla
product, if it doesn't exist already: "Don't store form information from SSL pages"
|
|
||
Comment 5•20 years ago
|
||
(In reply to comment #4)
> (In reply to comment #2)
> It makes sense. I would recommend that you file another bug under Mozilla
> product, if it doesn't exist already: "Don't store form information from SSL
pages"
That's bug 257455.
|
|
||
Updated•20 years ago
|
Status: RESOLVED → VERIFIED
|
||
Updated•16 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•