Closed
Bug 371270
Opened 17 years ago
Closed 16 years ago
Keychain can fill in username/password that doesn't match data prefilled by JavaScript
Categories
(Camino Graveyard :: OS Integration, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
Camino2.0
People
(Reporter: alqahira, Assigned: stuart.morgan+bugzilla)
References
()
Details
Attachments
(1 file)
878 bytes,
patch
|
mikepinkerton
:
superreview+
|
Details | Diff | Splinter Review |
In another bug, we mentioned that we shouldn't let the Keychain fill in data when what it wants to fill doesn't match the existing username. I've just run into a scenario where this happens: I just a got a new account ID/password at investools, so yesterday I logged in with the new details. My cookie got updated with new values, and I told Camino to update the existing Keychain entry with the new values. Today I came back to log-in, and the cookie prefilled the new username/password, and then I got the "Allow Camino to access the Keychain" prompt, and after allowing, the entries in the login form were now replaced by the old username/password (which were somehow preserved in the Keychain instead of updated; bug to follow on that).
Assignee | ||
Comment 1•17 years ago
|
||
As I suspected, they are doing the fill with JS, rather than the more usual technique of inserting it directly into the HTML when creating the page. Still, it's odd that you could see the username and password when we prompted, so I'll have to play around in gdb to see what's happening. The fact that they store the password in a cookie in plaintext is really a nice touch.
Assignee | ||
Comment 2•17 years ago
|
||
Can you still repro this? I'm not seeing it, but I may not be following the steps correctly.
Assignee | ||
Comment 3•17 years ago
|
||
I see what's happening now. We check for a "value" attribute, which is what would be used to prefill during content generation, not the content. Tweaking summary slightly to clarify.
Summary: Keychain can fill in username/password that doesn't match site/cookie-prefilled data → Keychain can fill in username/password that doesn't match data prefilled by JavaScript
Assignee | ||
Comment 4•16 years ago
|
||
The fix is trivial; we just need to check the value, which reflects user edits, rather than the value attribute, which doesn't.
Attachment #314262 -
Flags: superreview?(mikepinkerton)
Comment 5•16 years ago
|
||
Comment on attachment 314262 [details] [diff] [review] fix sr=pink
Attachment #314262 -
Flags: superreview?(mikepinkerton) → superreview+
Assignee | ||
Comment 6•16 years ago
|
||
Landed on trunk.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Target Milestone: --- → Camino2.0
You need to log in
before you can comment on or make changes to this bug.
Description
•