Closed Bug 422539 Opened 17 years ago Closed 17 years ago

'Encrypted' keyboard activity when using Firefox, similar to Terminal on OS X's 'secure keyboard entry'

Categories

(Firefox :: Security, enhancement)

PowerPC
macOS
enhancement
Not set
normal

RESOLVED DUPLICATE of bug 394107

People

(Reporter: publicfacing, Unassigned)

Details

User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-GB; rv:1.9b4) Gecko/2008030317 Firefox/3.0b4
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-GB; rv:1.9b4) Gecko/2008030317 Firefox/3.0b4

On OS X, the Terminal application has the option to encrypt all keyboard activity when using the application via its 'Secure Keyboard Entry' function. It's used to make sure no key logging can take place, so you can enter passwords for SSH, etc, in confidence.

Noah in the Firefox IRC channel pointed out the 'KeyScrambler Personal' (https://addons.mozilla.org/en-US/firefox/addon/3383) add-on, which does a similar job. I for one however am unsure about the ... integrity ... of such third party add-ons.

Keyloggers are becoming ever more prolific, and they completely undermine features such as making the status bar blue/yellow, anti-phishing lists, etc. What good is SSL if everything you type is being logged client-side?

This feature would help fortify Firefox: though there is an argument for it being bloat, how many passwords, etc, do typical users type into Firefox in an age where stealing identities via key loggers is becoming extremely profitable.

It'd also be useful to walk into an Internet cafe, see the secure keyboard entry "checked" in Firefox and know an unscrupulous admin isn't harvesting passwords.

The security benefits of such an option are unquestionable, I think. :)

Thanks for your time.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
I don't think this would improve security. Malware running with the same permissions as Firefox can easily defeat any "protection" Firefox asks Mac OS X for, by modifying Firefox to not ask for that protection.
But that argument applies to protection implemented by any application, surely?
Yes, it applies to any protection against other applications on your system. That is why operating systems should strive to protect applications from each other.
Bug 394107 added this feature for at least HTML password fields. Should this bug report be marked as a dup of it?
I guess that covers the main purpose of this request, Jesse. When I try to mark this as a duplicate, I get: "You are not authorized to access bug #394107." So if someone else could do it instead, that'd be cool. Thanks for your time.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
(In reply to comment #4)
> Bug 394107 added this feature for at least HTML password fields. Should this
> bug report be marked as a dup of it?

It should apply to XUL password fields as well; see bug 394107 comment 9 and 10. If that's not the case, then bug 394107 isn't really fixed :(