There is no security on ****** password fields, can easily be sniffed by javascript

RESOLVED DUPLICATE of bug 352761

Status

()

Firefox
Security
RESOLVED DUPLICATE of bug 352761
10 years ago
10 years ago

People

(Reporter: Gabe, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

10 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9

There is a bookmarklet that can reveal passwords in ****** password fields

http://aksn1p3r.blogspot.com/2007/07/firefox-asterisk-revealer.html

This is a significant security risk for people who are using the password manager to manage their passwords.

The ability to reveal passwords should be disabled.

Reproducible: Always

Steps to Reproduce:
See http://aksn1p3r.blogspot.com/2007/07/firefox-asterisk-revealer.html for details.
Actual Results:  
Passwords can be revealed

Expected Results:  
Passwords should not be revealed

Updated

10 years ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 352761
That bookmarklet works on all modern browsers, I've even seen some bank sites design their logins to require that functionality.
You need to log in before you can comment on or make changes to this bug.