We've had similar complaints about the prompt() function in the past... let's see if we can reproduce it this time so we can fix it.
The real question is: what browser code is storing the Master Password? NSS itself does not store it. Any code that rightfully gets it (e.g. a Master Password prompt) should use it, and then immediately ensure that it is overwritten.
Neil, do you have a clue what's up there?
My wild guess currently is that wallet is somehow confusing the prompt from the bookmarklet with the prompt for the master password.
(In reply to comment #1)
> We've had similar complaints about the prompt() function in the past... let's
> see if we can reproduce it this time so we can fix it.

I haven't been able to reproduce this with my week-old local 1.1.17pre build.
I would be surprised if it is truly the Master Password -- that is not stored anywhere. What has been reported in the past against the old wallet password manager was that it filled in whatever happened to be the first stored password in the wallet *.s file.

If it _is_ the master password then do you have any 3rd party password manager running on your machine? Either a Firefox-specific add-on or a separate utility program?

Christian:
1) what add-ons do you have installed? These are listed in the Add-ons dialog on the Tools menu.
2) what programs are currently running on your machine? Ctrl-Shift-Esc will bring up the Windows Task Manager. Switch to the "Processes" tab and tell us what's in there. (A utility of the sort I suspect wouldn't show up on the shorter Applications list, unfortunately.) Alternately, if you look through the various icons in the lower-left Windows task bar you may find one for such a utility.
Whiteboard: [sg:needinfo][needs answer to comment 6 from reporter]
(In reply to comment #6)
> 1) what add-ons do you have installed? These are listed in the Add-ons dialog
> on the Tools menu.

Sadly 1.1.17 doesn't have the Extension Manager yet...
Hi all,

@Daniel: you appear to be quite right - I've changed my master password and the then-revealed one was still the "old". So I suppose it's sending the first password it happens to find in the wallet. And this one happened to be the same as my master password, uh oh..

No, I don't have any other password manager running at the same time. Extensions installed: EnigMail 0.95.7 and ADBlockPlus 1.0.2 - but the password-sending has also happened before installing them.

And I might have made this more clear - the issue does not happen every time! Sometimes I start up Seamonkey and click the translate bookmarklet and it asks me (correctly) what word I'd wanted to be translated. But every now and then, it sends the ominous "first" password...

Thanks a lot!
So, should the title of this bug be changed to: Seamonkey reveals first wallet password to websites?
(In reply to comment #9)
> So, should the title of this bug be changed to:
> Seamonkey reveals first wallet password to websites?

Yes, I fully agree - but cannot change the heading myself, as in my form I could only add an alias...
Hey all, just wondering why the whiteboard still shows "needs answer to comment 6 from reporter" and whether this might really be what the bug is waiting for currently... But I've answered #6 by Daniel with my #8 though not having clicked "Reply". Can I do something else to help?
We have EOLed SeaMonkey 1.x now, so I'm closing this bug, but we'll keep it closed to not expose users still on that now unmaintained series to attacks. The new login manager used in SeaMonkey 2.0 doesn't have this problem, as far as we know, and wallet is now dead for good.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → WONTFIX
Whiteboard: [sg:needinfo][needs answer to comment 6 from reporter] → [sg:needinfo]