Closed Bug 519020 Opened 16 years ago Closed 16 years ago

Passwords show in plaintext in dropdown menu on some sign-up pages

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86_64
Windows Vista
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: paradoxworld, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729) If you sign up for a website, and it asks for you to enter a password, it should hide the password with asterisks. Some pages do not do this however. Now, on the pages that don't, you can double click the password field and it will show every password that has been put in a password field, even if firefox is set to not save them. Reproducible: Always Steps to Reproduce: 1. Find any site that has you enter a username and password that also shows what you are typing in plaintext 2. Double click the password field to bring down a drop down menu Actual Results: It shows all passwords in plaintext Expected Results: It shows all passwords in plaintext Running default everything.
If sites code their page using a "password" field then they get asterisks, and we know to be careful with the data. If they use a normal text entry form field we don't know they're using it to hold password data and can't take special steps to protect it. This is something that needs to be changed on the site. If you use a site like this a lot you can tell Firefox not to remember "search and form data", but that will apply to all form fields on all sites.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.