Closed Bug 262705 Opened 19 years ago Closed 19 years ago
Firefox Stores Credit Card Number
Firefox's feature to remember form fields stores credit card numbers. All someone has to do to steal credit card information is sit down at my PC with Firefox and type the first number of a credit card into a credit card field. Perhaps the only option is to turn off autocomplete for forms completely, but it doesn't seem right to have to turn that whole feature off just to avoid this.
This feature relies on the fact that no one has access to your computer. If you're letting other people use your computer then maybe it isn't the best option for you. If you don't want that to happen, either turn off password remembering or delete that specific entry manually. I would call this INVALID.
If Firefox's security model is based on some sort of physical perimeter around the user's computer then Firefox's security model needs to be re-evaluated. When a gaping security hole can be addressed by a simple change in the software, and is not, it's the software's fault - always. If someone who writes software does not like the responsibility of writing secure software, perhaps Microsoft has a position open for them. I would suggest that Firefox doesn't cache SSL pages by default for this very reason. Perhaps not storing form information from SSL pages would be prudent for the same reasons.
*** This bug has been marked as a duplicate of 188285 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
(In reply to comment #2) It makes sense. I would recommend that you file another bug under Mozilla product, if it doesn't exist already: "Don't store form information from SSL pages"
(In reply to comment #4) > (In reply to comment #2) > It makes sense. I would recommend that you file another bug under Mozilla > product, if it doesn't exist already: "Don't store form information from SSL pages" That's bug 257455.
You need to log in before you can comment on or make changes to this bug.