Closed Bug 280285 Opened 20 years ago Closed 20 years ago

Cookies containing personally identifyable information should be linked w/ PSM

Categories

(SeaMonkey :: Passwords & Permissions, enhancement)

Product:
SeaMonkey
Component:
Passwords & Permissions
Platform:
x86
Windows XP
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 56788

People

(Reporter: dluchini30, Assigned: dveditz)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a6) Gecko/20050111
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a6) Gecko/20050111

Cookies that contain personally identifyable information such as a username and
password combination for autologin to a website should require you to, if you
have set Mozilla up to do so, ask for a password from PSM before they can be
accessed and their information submitted. Without such functionality it is
always possible for somebody to read cookie information and find out your
usernames/passwords which Password Manager would be keeping encrypted but Cookie
Manager would not.

Reproducible: Always

Steps to Reproduce:
1. Have a website set up a cookie containing a username/password combination or
other user-sensitive data.
2. Restart Mozilla so that you will be asked for a PSM password when applicable.
3. Go to the website you set your autologin cookie with.
Actual Results:  
Website will autologin without Mozilla asking for a PSM password.

Expected Results:  
Cookie Manager should ask for a PSM password if one is set.

Requires a PSM password to be set for this to work.

*** This bug has been marked as a duplicate of 56788 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.