Closed Bug 280285 Opened 20 years ago Closed 20 years ago

Cookies containing personally identifyable information should be linked w/ PSM

Categories

(SeaMonkey :: Passwords & Permissions, enhancement)

x86
Windows XP
enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 56788

People

(Reporter: dluchini30, Assigned: dveditz)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a6) Gecko/20050111 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a6) Gecko/20050111 Cookies that contain personally identifyable information such as a username and password combination for autologin to a website should require you to, if you have set Mozilla up to do so, ask for a password from PSM before they can be accessed and their information submitted. Without such functionality it is always possible for somebody to read cookie information and find out your usernames/passwords which Password Manager would be keeping encrypted but Cookie Manager would not. Reproducible: Always Steps to Reproduce: 1. Have a website set up a cookie containing a username/password combination or other user-sensitive data. 2. Restart Mozilla so that you will be asked for a PSM password when applicable. 3. Go to the website you set your autologin cookie with. Actual Results: Website will autologin without Mozilla asking for a PSM password. Expected Results: Cookie Manager should ask for a PSM password if one is set. Requires a PSM password to be set for this to work.
*** This bug has been marked as a duplicate of 56788 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.