Closed Bug 409915 Opened 12 years ago Closed 12 years ago

Logins stored by extensions could be converted to site logins by 2E upgrade

Categories

(Toolkit :: Password Manager, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla1.9beta3

People

(Reporter: Dolske, Assigned: Dolske)

References

Details

Attachments

(1 file)

Attached patch Patch v.1Splinter Review
Fligtar noticed that the login stored by the EBay Companion was being upgraded in a odd way: "eBay.companion ---> http://ebay.companion". If someone's able to control DNS and get you to visit "http://ebay.companion", they could obtain the login. [And, we're needlessly breaking the extension.] If an extension has stored a login by just using an arbitrary string for the hostname, we don't want to convert the entry all.

We can prevent this by requiring a port number before upgrading the stored entry. Logins saved by the password manager for protocol logins were previously always of the form "site.com:80". If there's no port number appended, it wasn't stored by us and wouldn't ever have been used by password manager (because it wouldn't match any search string when trying to fill in a login).
Flags: blocking-firefox3?
Attachment #294621 - Flags: review?(gavin.sharp)
Comment on attachment 294621 [details] [diff] [review]
Patch v.1

>Index: toolkit/components/passwordmgr/src/storage-Legacy.js

>+            // Check for a trailing port number, EG "site.com:80". If there's
>+            // no port, it wasn't saved by the browser and is probably some
>+            // arbitraty string picked by an extension.

nit: "arbitraty" -> "arbitrary"
Attachment #294621 - Flags: review?(gavin.sharp) → review+
Comment on attachment 294621 [details] [diff] [review]
Patch v.1

a=mconnor on behalf of drivers
Attachment #294621 - Flags: approval1.9+
Flags: blocking-firefox3? → blocking-firefox3+
Checked in, with testcase.

Checking in toolkit/components/passwordmgr/src/storage-Legacy.js;
/cvsroot/mozilla/toolkit/components/passwordmgr/src/storage-Legacy.js,v  <--  storage-Legacy.js
new revision: 1.22; previous revision: 1.21
done
Checking in toolkit/components/passwordmgr/test/unit/test_storage_legacy_1.js;
/cvsroot/mozilla/toolkit/components/passwordmgr/test/unit/test_storage_legacy_1.js,v  <--  test_storage_legacy_1.js
new revision: 1.9; previous revision: 1.8
done
RCS file: /cvsroot/mozilla/toolkit/components/passwordmgr/test/unit/data/signons-2d-10.txt,v
done
Checking in toolkit/components/passwordmgr/test/unit/data/signons-2d-10.txt;
/cvsroot/mozilla/toolkit/components/passwordmgr/test/unit/data/signons-2d-10.txt,v  <--  signons-2d-10.txt
initial revision: 1.1
done
Group: security
Flags: in-testsuite+
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.