Closed Bug 285790 Opened 20 years ago Closed 10 years ago

saved form information should be managed by master password

Categories

(Toolkit :: Form Manager, enhancement)

Product:
Toolkit
Component:
Form Manager
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: mike, Unassigned)

References

Details

(Keywords: polish, privacy) 

User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Many webpages have input fields for sensitive data.  This sesnsitive form
information is recorded and is later displayed in drop-down form when revisiting
that page, or visiting other pages with fields of the same name.  The most
common examples of this are credit card numbers.

Having the Master Password utility manage the storage and retrieval of form
information should be an option available to users.

Reproducible: Always

Steps to Reproduce:
1. Visit webpage with a credit card information field (fake information will
suffice to demonstrate problem)
2. Complete the form and submit
3. Close browser
4. Revisit site and change focus to the field, and press the down-arrow key

Actual Results:  
The credit card information entered previously is displayed

Expected Results:  
The Master Password prompt should have been displayed (if the user had chosen to
enable this form of protection).
OS: MacOS X → All
Hardware: Macintosh → All
Or equivalently, generalize the Password Manager so that it can save the
contents of any form fields, not just a pair of fields named "ID" (or "user
name") and "password".

This would also make it possible to use Password Manager when logging into
http://groups.yahoo.com/ (which uses a cookie to reemmber your username, so it
provides only one input field, password).
This is an automated message, with ID "auto-resolve01".

This bug has had no comments for a long time. Statistically, we have found that
bug reports that have not been confirmed by a second user after three months are
highly unlikely to be the source of a fix to the code.

While your input is very important to us, our resources are limited and so we
are asking for your help in focussing our efforts. If you can still reproduce
this problem in the latest version of the product (see below for how to obtain a
copy) or, for feature requests, if it's not present in the latest version and
you still believe we should implement it, please visit the URL of this bug
(given at the top of this mail) and add a comment to that effect, giving more
reproduction information if you have it.

If it is not a problem any longer, you need take no action. If this bug is not
changed in any way in the next two weeks, it will be automatically resolved.
Thank you for your help in this matter.

The latest beta releases can be obtained from:
Firefox:     http://www.mozilla.org/projects/firefox/
Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html
Seamonkey:   http://www.mozilla.org/projects/seamonkey/

I still believe this enhancement is needed.  Would someone with the power to
mark a bug as "confirmed" please do so.
I agree.  This issue persists and should be addressed.
Mass edit: Changing QA to default QA Contact
QA Contact: davidpjames → password.manager
Assignee: bryner → nobody
Version: unspecified → Trunk
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: polish
IMHO, this is a serious security/privacy issue and should be fixed. Firefox aims to be the browser of choice for people caring about these things, right?

By the way, this vulnerability was the topic of Corey Benninger's talk at Blackhat 2006:

http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Benninger.pdf

Corey also provides a tool to convert the formhistory.dat to XML for convenient grepping:

http://www.foundstone.com/resources/proddesc/dumpautocomplete.htm
Keywords: privacy
Blocks: 280662
Here are some examples of sites where I have to log in but where Password Manager refuses to remember the login name and password.  This is the problem I created this bug to address.
   http://groups.yahoo.com/
   http://www.caljobs.ca.gov/

The master password isn't actually handled by the password manager (odd as that may seem :-), it's a NSS/PSM thing. So, I'm moving this bug to the Form Mananger component.
Component: Password Manager → Form Manager
QA Contact: password.manager → form.manager
Product: Firefox → Toolkit
Severity: normal → enhancement
what are the chances of overhauling the encryption and implementing http://sqlcipher.net/ at some point, then give users a choice as to which DBs they want to encrypt?
It's generally agreed among UX/Engineering/Product that we don't want to further develop the existing master password functionality, as it's a poor fit for current needs and our current direction in this area.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
And how do you explain the 6-year gap of silence on this bug? (I'll be back in 6 more years to read your reply.)
> it's a poor fit for current needs and our current direction in this area.

what an incredibly vague and disappointing response from a company championing security and privacy. how is encrypting user-entered data and cookies a "poor fit"?
(In reply to Leon Sorokin from comment #16)
> what an incredibly vague and disappointing response from a company
> championing security and privacy. how is encrypting user-entered data and
> cookies a "poor fit"?

The existing functionality is a poor fit because approximately no one uses it; approximately no one uses it because it isn't very good. We can do better, and plan to, but these old bugs are not useful for tracking those broader improvements.
(In reply to :Gavin Sharp [email: gavin@gavinsharp.com] from comment #17)
> (In reply to Leon Sorokin from comment #16)
> > what an incredibly vague and disappointing response from a company
> > championing security and privacy. how is encrypting user-entered data and
> > cookies a "poor fit"?
> 
> The existing functionality is a poor fit because approximately no one uses
> it; approximately no one uses it because it isn't very good. We can do
> better, and plan to, but these old bugs are not useful for tracking those
> broader improvements.

So where is the Master Password and/or form encryption improvement being tracked?
You need to log in before you can comment on or make changes to this bug.