Closed Bug 503748 Opened 15 years ago Closed 15 years ago

Firefox 3.0.11 not clearing all passwords fully somehow

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Version:
3.0 Branch
Platform:
x86
Windows Vista
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: dantronics, Unassigned)

Details

User-Agent:       Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.30618; .NET CLR 3.5.30729; InfoPath.2; .NET CLR 1.1.4322)
Build Identifier: ver 3.0.11 --> SECURITY FLAWS!!!! EMERGENCY

SECURITY FLAWS MAJOR ISSUES!!!!!!!!!

Deleted cookies, and Password DO NOT get DELETED!!!

I recently installed SIW to run all my Computer History and CPU Performance. All the secret passwords stored in the MOZILLA do not get deleted. 
Mozilla: --> Under Tools , ---> Clear Private Data ---> Delete the Following ...
I checked everything there is to be deleted (Browsing History, Cache,Offline Website, password, cookies... all of them are checked). But when I ran SWI all the previous stored password on the Browser still shows up. 
Here is the example: 

SECURITY FLAWS!!!!!! EMERGENCY !!!!
---------------------------------------------------------------------------------
Resource Type	Resource Name	User Name	Password	Company Name
FireFox Password	https://my.screenname.aol.com	dantrpnics	HelloThere	
FireFox Password	https://my.screenname.aol.com	Dantronics	HelloThere	
	
FireFox Password	http://www.c-sharpcorner.com	danman2	lifeisgood	
FireFox Password	https://www.yousendit.com	huynhchi713@yahoo.com	HelloThere	
	
FireFox Password	http://www.friendorama.com	intradan2003@yahoo.com	hellothere	


Reproducible: Always

Steps to Reproduce:
1.Install SIW
2. Run SIW ("Secrets" Option)
3. RUN Mozilla (Clear Private Data) "Remebered to checked everything "
4. Rerun SIW ("Secrets" Option)
Actual Results:  
Resource Type	Resource Name	User Name	Password	Company Name
FireFox Password	https://my.screenname.aol.com	dantrpnics	HelloThere
FireFox Password	https://my.screenname.aol.com	Dantronics	HelloThere
FireFox Password	http://www.c-sharpcorner.com	danman2	lifeisgood	
FireFox Password	https://www.yousendit.com	huynhchi713@yahoo.com	HelloThere
FireFox Password	http://www.friendorama.com	intradan2003@yahoo.com	hellothere	


Expected Results:  
nothing .... here	


The browser should clear all password and history of websites that have been visited.
Severity: normal → blocker
Keywords: common-issue+
Whiteboard: SECURITY FLAWS DO NOT USE MOZILLA UNTIL Stored Password is completely erased!!!
Version: unspecified → 3.0 Branch
Was Firefox running when you did this?
Please give bugs an actual descriptive title and don't just add whatever you want to the fields. Please also stop panicking. Also, why on Earth are you posting a list of any IDs and passwords?... I do hope those few above aren't important.

I'm not entirely sure what the issue is you're trying to describe. Not clearing passwords locally wouldn't really be much of a security issue. A real security issue would be if they were somehow able to be stolen remotely. You're simply not having them cleared on your system.

I'm also not sure what "SIW" is, as you don't actually say. I'm guessing it's "System Information for Windows", which is what Google tells me.

My guess is that maybe you're wiping Firefox 3's passwords and there's an old passwords file from Firefox 2 that this program is picking up? Are your passwords actually cleared when you try to view them in Firefox? Please provide more information.
Severity: blocker → major
Keywords: common-issue+
Summary: FireFox ver 3.0.11 has a Major problem with SECURITY FLAWS!!!>>> Too Dangerous For Users....... → Firefox 3.0.11 not clearing all passwords fully somehow
Whiteboard: SECURITY FLAWS DO NOT USE MOZILLA UNTIL Stored Password is completely erased!!!
Please don't reply to bugs via email. The whole reason we have this system is so that people can collaborate to investigate bugs, so please only post here.

In regards to a couple of the things you mentioned:
1) No one should be saving passwords to a public computer. I think we can all agree that's just a horrible idea.
2) A good starting point for Mozilla source is here:
https://developer.mozilla.org/En/Developer_Guide/Source_Code

Please answer my question at the end of comment 2 and tell me if Firefox still shows your supposedly cleared passwords in its passwords manager. If you'd like us to help you here we'll info on what's going on.
User directly emailed me as well. Firefox was running while the program was run. This will result in problems like this. Firefox reads data into ram while running. If the files are removed while Firefox is running Firefox will write whatever it has in ram back to the files that were removed. This is invalid.

Contact the developer of the 'security' program it should not try to remove files from Firefox's profile when Firefox is running.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.