If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Possible security bug when searching on google involving 1password

RESOLVED WORKSFORME

Status

()

Firefox
Security
RESOLVED WORKSFORME
9 years ago
8 years ago

People

(Reporter: Jim, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.7) Gecko/2009021906 Firefox/3.0.7
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.7) Gecko/2009021906 Firefox/3.0.7

I am using Firefox 3.0.7 right now with an app called 1password that tells me when i need to enter a password for a site. This is obviously for security measures in case a site asks me for a password and it's a phishing site. When searching on google for aac quicktime the box asking for a password appears. I think this search term attempts to hack into the master password keychain to steal extremely valuable password information. Please repeat the steps I provide to solve this problem. Thank you.

Reproducible: Always

Steps to Reproduce:
1. Install 1password on Mac OSX
2. Go to google.com
3. Search aac quicktime
4. Password request appears.
Actual Results:  
The dialogue box asking for a password appears.

Expected Results:  
Showed search results without asking for anything
Wouldn't that be a problem with 1password rather than Firefox? I don't see anything from that search response that should trigger a password request, and they don't trigger the built-in Firefox password manager.
(Reporter)

Comment 2

9 years ago
Well, I am gonna check with the 1password team as well but what I'm worried about is that it was that search that triggered it. I tried it in safari 4 beta and that also had 1password installed yet the same function was not triggered.
I'm going to un-hide this bug so we can get a bigger audience of people who might be able to check this out.
Group: core-security
Component: Search → Security
Keywords: qawanted
Summary: Possible security bug when searching on google → Possible security bug when searching on google involving 1password
(Reporter)

Comment 4

9 years ago
From what I understand when disabling extensions and contacting 1password's team there are two extensions that brought up the prompt which are boost for facebook https://addons.mozilla.org/en-US/firefox/addon/3120 and customizegoogle https://addons.mozilla.org/en-US/firefox/addon/743

Other than this I haven't found anything else but if there is anything that can be done through firefox or fixing the extensions on the developer's end then that should do it. I'll keep trying to find anything else I can on this but alot of people use customizegoogle so I'm worried about what this would mean.
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1pre) Gecko/20090602 Shiretoko/3.5pre

I cannot reproduce this bug.

STR:
1. Install 1password
2. Set up 1password
3. Open Shiretoko
4. Navigate to http://www.google.com
5. Search for "aac quicktime"

Result:
I see search results

AFAICT, this is WFM.  Resolving.  Please reopen if you feel this is in error.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Keywords: qawanted
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.