Closed
Bug 530367
Opened 15 years ago
Closed 15 years ago
Password Number and Letter combos flash in clear text when password manager fills in password field
Categories
(Toolkit :: Password Manager, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla1.9.3a1
| Tracking | Status | |
|---|---|---|
| status1.9.2 | --- | beta5-fixed |
| fennec | 1.0+ | --- |
People
(Reporter: blassey, Assigned: blassey)
References
Details
(Keywords: regression, Whiteboard: [can land 1.9.2])
Attachments
(1 file, 1 obsolete file)
|
2.10 KB,
patch
|
neil
:
review+
|
Details | Diff | Splinter Review |
+++ This bug was initially created as a clone of Bug #526880 +++ spinning out as a new bug for the password flashing as clear text.
Attachment #413876 -
Flags: review?(neil)
|
Assignee | |
Updated•15 years ago
|
Summary: [WinCE] Password Number and Letter combos show in Password field while typing → [WinCE] Password Number and Letter combos flash in clear text when password manager fills in password field
|
||
Updated•15 years ago
|
Flags: blocking1.9.2?
|
|
Assignee | |
Updated•15 years ago
|
|
|
Assignee | |
Updated•15 years ago
|
tracking-fennec: --- → ?
|
||
Comment 1•15 years ago
|
||
Sorry, from reading bug 526880 I can't figure out why this is nominated to block? Can someone explain the issue and product decision?
|
|
||
Comment 2•15 years ago
|
||
Gavin explained it: the plaintext password shows up for a long enough period as to expose it. Maybe not a problem on Fennec, but definitely a problem on WinCE where the screen is a touch bigger and more computer like.
Flags: blocking1.9.2? → blocking1.9.2+
|
|
Assignee | |
Comment 3•15 years ago
|
||
When you load a page and the password manager fills in your passwords, they are clear text for 6/10s of a second before being replaced by asterisks. So anyone with access to your device can get your passwords from the password manager by loading the pages in the browser, which is not the desired behavior.
Flags: blocking1.9.2+ → blocking1.9.2?
|
|
||
Updated•15 years ago
|
Flags: blocking1.9.2? → blocking1.9.2+
|
|
Assignee | |
Comment 4•15 years ago
|
||
(In reply to comment #2) > Maybe not a problem on Fennec, but definitely a problem on WinCE still a problem for Fennec since the danger isn't in someone snooping over your shoulder, but instead picking up your device.
|
|
||
Updated•15 years ago
|
Whiteboard: [needs review]
|
||
Updated•15 years ago
|
tracking-fennec: ? → 1.0+
|
|
||
Updated•15 years ago
|
Severity: blocker → critical
OS: Windows CE → All
Summary: [WinCE] Password Number and Letter combos flash in clear text when password manager fills in password field → Password Number and Letter combos flash in clear text when password manager fills in password field
|
||
Comment 5•15 years ago
|
||
(Paraphrased from bug 526880 comment #11) The code for password manager filling in the password field goes through nsTextControlFrame.cpp which already has to modify the editor flags to deal with various edge cases, so I think it might be better to move the fix there.
|
|
Assignee | |
Comment 6•15 years ago
|
||
Attachment #414449 -
Flags: review?(neil)
|
|
||
Comment 7•15 years ago
|
||
Comment on attachment 414449 [details] [diff] [review] patch v.2 >+, mTimer(nsnull) nsCOMPtr defaults to nsnull anyway, no?
Attachment #414449 -
Flags: review?(neil) → review+
|
|
||
Updated•15 years ago
|
Attachment #413876 -
Flags: review?(neil)
|
|
Assignee | |
Comment 8•15 years ago
|
||
(In reply to comment #7) > (From update of attachment 414449 [details] [diff] [review]) > >+, mTimer(nsnull) > nsCOMPtr defaults to nsnull anyway, no? I believe so, I guess that change isn't needed.
|
|
Assignee | |
Comment 9•15 years ago
|
||
pushed http://hg.mozilla.org/mozilla-central/rev/2e8553f076f8
|
|
Assignee | |
Comment 10•15 years ago
|
||
Comment on attachment 414449 [details] [diff] [review] patch v.2 I'm asking for approval even though this is already blocking because this has an interface change. I propose removing eEditorDontEchoPassword from nsIPlaintextEditor and replacing it with a comment saying 0x1000 is being used to stop password echoing. and just using a hard coded 0x1000 in nsTextEditRules.cpp and nsTextControlFrame.cpp. Its a bit hacky, but avoids having to create a nsIPlaintextEditor_BRANCH_1_9_2.
Attachment #414449 -
Flags: approval1.9.2?
|
|
Assignee | |
Updated•15 years ago
|
Attachment #413876 -
Attachment is obsolete: true
|
||
Updated•15 years ago
|
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Whiteboard: [needs review]
Target Milestone: --- → mozilla1.9.3a1
|
||
Comment 11•15 years ago
|
||
Adding a constant to an interface isn't an incompatible change, so there's no need to worry about it - you can just land as is.
|
|
||
Updated•15 years ago
|
Keywords: checkin-needed
Whiteboard: [can land 1.9.2]
|
|
||
Updated•15 years ago
|
Attachment #414449 -
Flags: approval1.9.2?
|
|
Assignee | |
Comment 13•15 years ago
|
||
pushed http://hg.mozilla.org/releases/mozilla-1.9.2/rev/3e0eb9af74bd
status1.9.2:
--- → final-fixed
|
||
Updated•15 years ago
|
Keywords: checkin-needed
You need to log in
before you can comment on or make changes to this bug.
Description
•