Closed Bug 410127 Opened 17 years ago Closed 17 years ago

address bar auto fill shows sensitive information from secure websites

Categories

(Firefox :: Security, defect)

x86
Windows XP
defect
Not set
normal

Tracking

RESOLVED INVALID

People

(Reporter: cypher303, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3pre) Gecko/2007122705 Minefield/3.0b3pre
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3pre) Gecko/2007122705 Minefield/3.0b3pre

The address bar auto fill feature will show sensitive information from secure websites such as email subject lines and URLs. This could compromise CC numbers, confirmation codes, extra marital affairs, etc.

Reproducible: Always

Steps to Reproduce:
1. Log into Gmail (or any secure website) and open an email message.
2. Log out and go to another page.
3. Start typing "gmail" into the address bar: your email subject lines will be revealed along with the URL.

Actual Results:
Sensitive information from secure sites (in this case, email subject lines) is revealed in the address bar drop-down list of previously visited websites.

Expected Results:
Secure website addresses should not be shown in this list, especially links from within the sites.

I haven't tried to log into my bank account online yet, but I'm assuming that some information that I wouldn't want others to know might be revealed in that drop-down list if I do.
Firefox has always stored titles and URLs in history. The only thing that's new is showing titles in address bar autocomplete. I don't think there is any good heuristic for determining whether a URL or title is "sensitive". https vs http isn't a good heuristic because it would break Gmail and Bugzilla and discourage sites from using https. (Firefox does a few other screwy things with https:, such as not sending referrer URLs to other sites and not using the HTTP cache in the same way as http:, but the fewer differences the better.)
Group: security
While that may be true, I think this goes overboard considering that public facilities may implement security measures in which the history cannot be cleared (as in libraries and such) or accessed at all, in which case one's personal information (regardless of how personal or important, it is still private) can be viewed, even accidentally, by another. It's just too haphazard IMO.
If a library wants a "no history" version of Firefox they should disable saving of history entirely (by setting and locking the appropriate prefs). I don't think it's very likely that the library would go to the trouble of disabling the history sidebar (which also shows page titles) but not autocomplete. I don't think there's really anything to fix here.
Point taken. In a perfect world I suppose sensitive information such as this wouldn't be displayed so openly. But I understand if it's impractical to implement at this point.
Given the comments I'm going to mark this INVALID.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID
In fact I would go so far as to say this might be privacy _enhancing_ behavior: users who weren't aware the browser tracked your browsing history will now have it thrust in their face and can adjust the privacy settings as desired.