Open Bug 575476 Opened 15 years ago Updated 2 years ago

Clicking "Never for This Site" button on "Save Password" dialog / dropdown saves site wide exception, but can be misunderstood as "never save this username/password for this site"

Categories

(Toolkit :: Password Manager, defect, P3)

x86
All
defect

Tracking

()

UNCONFIRMED

People

(Reporter: conceptrat+mozilla, Unassigned)

References

()

Details

(Whiteboard: [passwords:capture-UI])

User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 When clicking the "Never for This Site" button on the "Save Password" dialog / dropdown the Password Manager saves an exception for the whole site, in this case, "https://bugzilla.mozilla.org" as opposed to saving the exception for just this "username" as the context of the "Save Password" dialog / dropdown would indicate. Reproducible: Always Steps to Reproduce: 1. Open the site "https://bugzilla.mozilla.org" and click on the "Log In" link at the top of the page. 2. On the next page, enter a fake (just for this case) "username" and "password" and click the button labelled "Log in". 3. Ignore any errors on the page like "The username or password you entered is not valid" as you didn't use a valid "username" and "password" (you did read that bit above right ;). 4. You are presented with the "Save Password" dialog / dropdown with the text "Do you want Firefox to remember the password for "username" on mozilla.org?" and three buttons labelled "Remember", "Never for This Site" and "Not Now". 4. Click the button labelled "Never for This Site". 5. Now go back to the previous page and try to login using a different fake "username" and "password" and click the button labelled "Log in". Actual Results: You just get the error from the site but no "Save Password" dialog / dropdown. Expected Results: The "Save Password" dialog / dropdown should still come up as this is for a different "username" / "password" combination for this site (URL). Now I realise that the actual result above is the expected result. Looking in the "Exceptions" for "Saved Passwords" under the "Security" tab in "Preferences" you can see the site "https://bugzilla.mozilla.org" in there. So fair enough but I would have thought only if you went directly to the "Exceptions" for "Saved Passwords" in the "Preferences" and had the option of adding a site in there specifically would a site wide exception be possible. As a side note this option doesn't exist though. Perhaps it should but that could perhaps be another request as an enhancement. So anyway the context for the "Save Password" dialog / dropdown would indicate that the button "Never for This Site" would in fact store an exception for just this "username". And so I would've expected to see a line in the "Exceptions" window with the URL and "username" as a match. A blank or "*" for username could perhaps indicate a true site-wide exception. You probably don't need to store the password or maybe shouldn't. I've set the severity to "Minor" because I don't think many people have found this to be an issue as yet (I couldn't find any other references but that doesn't mean I searched to Milliways and back).
Component: Security → Password Manager
OS: Mac OS X → All
Product: Firefox → Toolkit
See Also: → 439546
Summary: Clicking "Never for This Site" button on "Save Password" dialog / dropdown saves site wide exception → Clicking "Never for This Site" button on "Save Password" dialog / dropdown saves site wide exception, but can be misunderstood as "never save this username/password for this site"
Whiteboard: [passwords:capture-UI]
Flags: needinfo?(tejasrockzzz)
Priority: -- → P3
Severity: minor → S4

https://premiumcrackz.com/webcammax-crack/
best software for chatting

You can run a quick scan if you don’t want to root your device. You can manage files that you thought didn’t exist.
https://millioncrack.com/phonerescue-crack-2023/

oicemod Pro allows you to add effects such as pitch, echo, and reverb. There are also a lot of unique sound filters that have never been heard before in other voice changers.
https://canarydata.io/voicemod-pro-crack/

You need to log in before you can comment on or make changes to this bug.