Closed Bug 468063 Opened 16 years ago Closed 16 years ago

Deleted passwords (and bookmarks) return after upgrade

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: firefox, Unassigned)

Details

(Keywords: privacy) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4

I deleted my passwords since I temporary need to share my windows account. After running the automatic upgrade to 3.x the passwords returned. Also previously deleted bookmarks came back



Reproducible: Didn't try

Steps to Reproduce:
1. Run Firefox version 2.x
2. Store passwords for i.e. webmail
3. Create bookmarks 
4. Delete bookmarks
5. Delete passwords through the clear private data method
6. Bookmarks and passwords are gone (I kept pressing do not now at the "remember password" box)
6. Automatic upgrade appears (would you like to upgrade to 3.x)

Actual Results:  
After the upgrade I went to webmail, and the password field was filled in automatically. I pressed login et voila, I was logged in
Then I noticed all my old bookmarks had returned as well

Expected Results:  
Bookmarks still gone, passwords still gone
It should have deleted the passwords fully and not retrievable. The bookmarks reappearing I don't mind (although that is a privacy issue as well). But the password apparently wasn't gone completely. The fact due to an upgrade bug it returned means that the delete private data option doesn't delete the information 100%

This is on a Windows XP pc in a corperate environment with limited roaming profiles. I didn't however change pc in weeks.

I consider this sever since if you run upgrade on a shared pc, old information comes back that may expose peoples email, and other habits. This is especially a problem if the PC becomes shared later and the person feels save since (s)he deleted the private data
Had you previously tried Firefox 3 on that computer? Firefox 3 stores passwords and bookmarks differently than Firefox 2. If you had previously tested version 3 it would have migrated your data at that time, and when you switched back to it now you're getting a snapshot of your passwords and bookmarks from that earlier migration. That would mean that the Firefox 3 view would not only have items you deleted in Firefox 2, but that it's missing any that you've added in Firefox 2 since that time.

Any additional bookmarks you can import through the "Organize Bookmarks" window available on the Bookmarks menu; I don't think there's an easy way to reimport passwords, but the folks at http://support.mozilla.com could help you find the new files and walk you through ways to force a re-migration.

My guess at the cause might be completely unfounded -- please confirm whether you had or had not looked at an earlier version of Firefox 3 on that machine in the past.

This has implications for Clear Private Data: I don't expect Firefox 2 to know about new file formats used by Firefox 3, but if you clear private data in Firefox 3 it ought to wipe older versions of the files at the same time. It may already do that, cc'ing a couple of folks who care about that feature and can follow up.

Manually deleting individual passwords or bookmarks rather than clearing them entirely is trickier though. Firefox 3 isn't going to be able to edit the older formats.
Keywords: privacy
Whiteboard: [sg:needinfo]
(In reply to comment #1)

> This has implications for Clear Private Data: I don't expect Firefox 2 to know
> about new file formats used by Firefox 3, but if you clear private data in
> Firefox 3 it ought to wipe older versions of the files at the same time.

I know we do for passwords and form history.
I had not tried Firefox 3 previously on that machine. 
If I have time I'll see if I can reproduce this on a different XP machine
Unfortunately we're not able to reproduce this problem, so without more details we can't know what needs to be fixed.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → INCOMPLETE
Whiteboard: [sg:needinfo]
I have not been able (lack of time) to reproduce this.
Resolution: INCOMPLETE → FIXED
(WFM would be a better state)
Resolution: FIXED → WORKSFORME
You need to log in before you can comment on or make changes to this bug.