Closed Bug 262705 Opened 20 years ago Closed 20 years ago

Firefox Stores Credit Card Number

Categories

(Toolkit :: Form Manager, defect)

x86
Windows XP
defect
Not set
normal

VERIFIED DUPLICATE of bug 188285

People

(Reporter: mozilla, Assigned: bugs)

Details

Firefox's feature to remember form fields stores credit card numbers. All
someone has to do to steal credit card information is sit down at my PC with
Firefox and type the first number of a credit card into a credit card field.
Perhaps the only option is to turn off autocomplete for forms completely, but it
doesn't seem right to have to turn that whole feature off just to avoid this.

This feature relies on the fact that no one has access to your computer. If
you're letting other people use your computer then maybe it isn't the best
option for you. If you don't want that to happen, either turn off password
remembering or delete that specific entry manually.

I would call this INVALID.

If Firefox's security model is based on some sort of physical perimeter around
the user's computer then Firefox's security model needs to be re-evaluated. When
a gaping security hole can be addressed by a simple change in the software, and
is not, it's the software's fault - always. If someone who writes software does
not like the responsibility of writing secure software, perhaps Microsoft has a
position open for them.

I would suggest that Firefox doesn't cache SSL pages by default for this very
reason. Perhaps not storing form information from SSL pages would be prudent for
the same reasons.

*** This bug has been marked as a duplicate of 188285 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE

(In reply to comment #2)
It makes sense. I would recommend that you file another bug under Mozilla
product, if it doesn't exist already: "Don't store form information from SSL pages"

(In reply to comment #4)
> (In reply to comment #2)
> It makes sense. I would recommend that you file another bug under Mozilla
> product, if it doesn't exist already: "Don't store form information from SSL
> pages"

That's bug 257455.

Status: RESOLVED → VERIFIED
Product: Firefox → Toolkit