Closed
Bug 503748
Opened 15 years ago
Closed 15 years ago
Firefox 3.0.11 not clearing all passwords fully somehow
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: dantronics, Unassigned)
Details
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.30618; .NET CLR 3.5.30729; InfoPath.2; .NET CLR 1.1.4322) Build Identifier: ver 3.0.11 --> SECURITY FLAWS!!!! EMERGENCY SECURITY FLAWS MAJOR ISSUES!!!!!!!!! Deleted cookies, and Password DO NOT get DELETED!!! I recently installed SIW to run all my Computer History and CPU Performance. All the secret passwords stored in the MOZILLA do not get deleted. Mozilla: --> Under Tools , ---> Clear Private Data ---> Delete the Following ... I checked everything there is to be deleted (Browsing History, Cache,Offline Website, password, cookies... all of them are checked). But when I ran SWI all the previous stored password on the Browser still shows up. Here is the example: SECURITY FLAWS!!!!!! EMERGENCY !!!! --------------------------------------------------------------------------------- Resource Type Resource Name User Name Password Company Name FireFox Password https://my.screenname.aol.com dantrpnics HelloThere FireFox Password https://my.screenname.aol.com Dantronics HelloThere FireFox Password http://www.c-sharpcorner.com danman2 lifeisgood FireFox Password https://www.yousendit.com huynhchi713@yahoo.com HelloThere FireFox Password http://www.friendorama.com intradan2003@yahoo.com hellothere Reproducible: Always Steps to Reproduce: 1.Install SIW 2. Run SIW ("Secrets" Option) 3. RUN Mozilla (Clear Private Data) "Remebered to checked everything " 4. Rerun SIW ("Secrets" Option) Actual Results: Resource Type Resource Name User Name Password Company Name FireFox Password https://my.screenname.aol.com dantrpnics HelloThere FireFox Password https://my.screenname.aol.com Dantronics HelloThere FireFox Password http://www.c-sharpcorner.com danman2 lifeisgood FireFox Password https://www.yousendit.com huynhchi713@yahoo.com HelloThere FireFox Password http://www.friendorama.com intradan2003@yahoo.com hellothere Expected Results: nothing .... here The browser should clear all password and history of websites that have been visited.
Reporter | ||
Updated•15 years ago
|
Severity: normal → blocker
Keywords: common-issue+
Whiteboard: SECURITY FLAWS DO NOT USE MOZILLA UNTIL Stored Password is completely erased!!!
Version: unspecified → 3.0 Branch
Comment 1•15 years ago
|
||
Was Firefox running when you did this?
Comment 2•15 years ago
|
||
Please give bugs an actual descriptive title and don't just add whatever you want to the fields. Please also stop panicking. Also, why on Earth are you posting a list of any IDs and passwords?... I do hope those few above aren't important. I'm not entirely sure what the issue is you're trying to describe. Not clearing passwords locally wouldn't really be much of a security issue. A real security issue would be if they were somehow able to be stolen remotely. You're simply not having them cleared on your system. I'm also not sure what "SIW" is, as you don't actually say. I'm guessing it's "System Information for Windows", which is what Google tells me. My guess is that maybe you're wiping Firefox 3's passwords and there's an old passwords file from Firefox 2 that this program is picking up? Are your passwords actually cleared when you try to view them in Firefox? Please provide more information.
Severity: blocker → major
Keywords: common-issue+
Summary: FireFox ver 3.0.11 has a Major problem with SECURITY FLAWS!!!>>> Too Dangerous For Users....... → Firefox 3.0.11 not clearing all passwords fully somehow
Whiteboard: SECURITY FLAWS DO NOT USE MOZILLA UNTIL Stored Password is completely erased!!!
Comment 3•15 years ago
|
||
Please don't reply to bugs via email. The whole reason we have this system is so that people can collaborate to investigate bugs, so please only post here. In regards to a couple of the things you mentioned: 1) No one should be saving passwords to a public computer. I think we can all agree that's just a horrible idea. 2) A good starting point for Mozilla source is here: https://developer.mozilla.org/En/Developer_Guide/Source_Code Please answer my question at the end of comment 2 and tell me if Firefox still shows your supposedly cleared passwords in its passwords manager. If you'd like us to help you here we'll info on what's going on.
Comment 4•15 years ago
|
||
User directly emailed me as well. Firefox was running while the program was run. This will result in problems like this. Firefox reads data into ram while running. If the files are removed while Firefox is running Firefox will write whatever it has in ram back to the files that were removed. This is invalid. Contact the developer of the 'security' program it should not try to remove files from Firefox's profile when Firefox is running.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•