User-Agent: Mozilla/5.0 (Windows; U; Win98; de-AT; rv:1.7.10) Gecko/20050716 Build Identifier: Mozilla/5.0 (Windows; U; Win98; de-AT; rv:1.7.10) Gecko/20050716 If logging into ftp page the classic way (ftp://user:email@example.com) the user and password are permanantly visible in download-managers source column (not whiped after download finished). Same problem with the browsers history window. This might be a security flaw, cause no one wants username and corresponding passwords be visible to other users on the machine. Seems to be independent of OS. Reproducible: Always Steps to Reproduce: 1.Type in an ftp address in the classical way: ftp://user:firstname.lastname@example.org 2.Complete address including username/password ist stored in the most recently visited sites. 3.If a download is started the complete address including username/password is visible and stored in the source column of download-manager Actual Results: After downloading or looking in site history username/password is still visible to other users of this machine. Expected Results: User/Password@ should be deleted after download has ended. User/password@ should not be visible in site history.
The history part is bug 130327
Status: UNCONFIRMED → NEW
Depends on: 130327
Ever confirmed: true
Summary: on ftp user:password@site is not hidden in download-managers source column; same in browsers history → on ftp user:password@site is not hidden in download-managers source column
Can you reproduce with SeaMonkey v1.1.9 ? Can you reproduce with SeaMonkey v2.0a1pre ?
Assignee: dveditz → nobody
Version: unspecified → 1.7 Branch
(In reply to comment #2) > Can you reproduce with SeaMonkey v1.1.9 ? > Can you reproduce with SeaMonkey v2.0a1pre ? > Reproducable with SeaMonkey v1.1.9, not tested with v2.0a1pre
You need to log in before you can comment on or make changes to this bug.