Closed Bug 409915 Opened 18 years ago Closed 18 years ago

Logins stored by extensions could be converted to site logins by 2E upgrade

Categories

(Toolkit :: Password Manager, defect)

defect
Not set
normal

Tracking

RESOLVED FIXED
mozilla1.9beta3

People

(Reporter: Dolske, Assigned: Dolske)

Attachments

(1 file)

Attached patch: Patch v.1
Fligtar noticed that the login stored by the EBay Companion was being upgraded in an odd way: "eBay.companion ---> http://ebay.companion". If someone's able to control DNS and get you to visit "http://ebay.companion", they could obtain the login. [And, we're needlessly breaking the extension.] If an extension has stored a login by just using an arbitrary string for the hostname, we don't want to convert the entry at all. We can prevent this by requiring a port number before upgrading the stored entry. Logins saved by the password manager for protocol logins were previously always of the form "site.com:80". If there's no port number appended, it wasn't stored by us and wouldn't ever have been used by password manager (because it wouldn't match any search string when trying to fill in a login).
Flags: blocking-firefox3?
Attachment #294621 - Flags: review?(gavin.sharp)
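The port check described in the report above, sketched as an added example; it is not the attached patch or Firefox's own code. `naiveUpgrade` reproduces the conversion the report describes and `guardedUpgrade` leaves port-less entries untouched; the function names, the sample entries and the port-to-scheme mapping are assumptions.

```javascript
// Added example; names are hypothetical, not Firefox's storage-Legacy.js code.
// Assumption: only ports 80 and 443 are mapped to a scheme here.
const SCHEME_FOR_PORT = { "80": "http", "443": "https" };

// Behaviour described in the report: any stored string becomes a site origin.
function naiveUpgrade(stored) {
  return "http://" + stored.toLowerCase().replace(/:\d+$/, "");
}

// Guarded form: convert only entries with a trailing port, e.g. "site.com:80".
function guardedUpgrade(stored) {
  const m = /^([^\s:\/]+):(\d{1,5})$/.exec(stored);
  if (!m) {
    // No port: not saved by the browser, leave the entry exactly as stored.
    return { hostname: stored, converted: false };
  }
  const scheme = SCHEME_FOR_PORT[String(Number(m[2]))];
  if (!scheme) {
    // Port present but not one we map: stay conservative, do not guess.
    return { hostname: stored, converted: false };
  }
  return { hostname: scheme + "://" + m[1].toLowerCase(), converted: true };
}

// Constructed sample entries, as a legacy signons file might hold them.
const SAMPLE_ENTRIES = ["site.com:80", "secure.example:443", "eBay.companion",
                        "my-extension-key", "host.example:"];

// Run both upgrade paths over every entry so the difference is visible.
function migrate(entries) {
  return entries.map((stored) => ({
    stored,
    naive: naiveUpgrade(stored),
    guarded: guardedUpgrade(stored),
  }));
}

for (const row of migrate(SAMPLE_ENTRIES)) {
  console.log(row.stored, "| naive:", row.naive, "| guarded:",
              row.guarded.converted ? row.guarded.hostname : "(left untouched)");
}
```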
Comment on attachment 294621 Patch v.1 >Index: toolkit/components/passwordmgr/src/storage-Legacy.js >+ // Check for a trailing port number, EG "site.com:80". If there's >+ // no port, it wasn't saved by the browser and is probably some >+ // arbitraty string picked by an extension. nit: "arbitraty" -> "arbitrary"
Attachment #294621 - Flags: review?(gavin.sharp) → review+
Comment on attachment 294621 Patch v.1 a=mconnor on behalf of drivers
Attachment #294621 - Flags: approval1.9+
Flags: blocking-firefox3? → blocking-firefox3+
Checked in, with testcase.

Checking in toolkit/components/passwordmgr/src/storage-Legacy.js;
/cvsroot/mozilla/toolkit/components/passwordmgr/src/storage-Legacy.js,v <-- storage-Legacy.js
new revision: 1.22; previous revision: 1.21
done
Checking in toolkit/components/passwordmgr/test/unit/test_storage_legacy_1.js;
/cvsroot/mozilla/toolkit/components/passwordmgr/test/unit/test_storage_legacy_1.js,v <-- test_storage_legacy_1.js
new revision: 1.9; previous revision: 1.8
done
RCS file: /cvsroot/mozilla/toolkit/components/passwordmgr/test/unit/data/signons-2d-10.txt,v
done
Checking in toolkit/components/passwordmgr/test/unit/data/signons-2d-10.txt;
/cvsroot/mozilla/toolkit/components/passwordmgr/test/unit/data/signons-2d-10.txt,v <-- signons-2d-10.txt
initial revision: 1.1
done
Group: security
Flags: in-testsuite+
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Product: Firefox → Toolkit