Open Bug 631272 Opened 10 years ago Updated 10 months ago

Credentials saved twice for same origin with differing formActionOrigin

Categories

(Toolkit :: Password Manager, enhancement, P2)

enhancement

Tracking

()

Tracking Status
firefox72 --- affected
firefox73 --- affected
firefox74 --- affected

People

(Reporter: luckysharma11, Unassigned)

References

Details

(Whiteboard: [passwords:cross-origin])

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20110103 Fedora/3.6.13-1.fc14 Firefox/3.6.13
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20110103 Fedora/3.6.13-1.fc14 Firefox/3.6.13

I had password saved for 'www.facebook.com' but Firefox did not got the same from its saved passwords DB, and asked for the password when i visited the site. Entering the credentials and logging in asked for saving the same with password manager and selecting 'Remember' saved a duplicate entry to DB, which was visible in manager.
Attached is the screen-shot.

Reproducible: Sometimes

Steps to Reproduce:
1. There were 2 entries under the 'Email' field for Facebook, while password manager had only one.
2. Selecting the one that was there with the manager did not populated the password.
3. Deleted the browser cache/history, by selecting everything.
4. Restarted browser and checked www.facebook.com, the password manager asked for master password. The login form did not populated, even after master password submission.
5. Typed in the credentials, and the same were asked to be saved by password manager.
Actual Results:  
There was duplicate entry in password manager, for a FQDN and UserId combination.

Expected Results:  
The password manager should have only one entry for FQDN and UserId combination.
Attached image Duplicate Entry
Component: Security → Password Manager
Product: Firefox → Toolkit
QA Contact: firefox → password.manager
Version: unspecified → 1.9.2 Branch
Was the saved password the same? Was the scheme (http vs. https) the same when you were getting prompted to save again?
Flags: needinfo?(luckysharma11)
Summary: [Password Manager] Credentials saved twice for same FQDN → Credentials saved twice for same FQDN
I see from the screenshot that the origin was the same but I suspect the formSubmitURL was different (e.g. different scheme)
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P5
See Also: → 213376
Summary: Credentials saved twice for same FQDN → Credentials saved twice for same FQDN with differing formSubmitURL
Whiteboard: [passwords:cross-origin]
Type: defect → enhancement
Flags: needinfo?(luckysharma11)
OS: Linux → All
Hardware: x86_64 → All
Version: 1.9.2 Branch → Trunk
Blocks: 1576148
Priority: P5 → P3
Duplicate of this bug: 1576148

Updating affected flags for this, reproduced on facebook.com and aliexpress.com as well.

Based on a meeting at All Hands, we plan to fix this soon for new saves/updates.

Priority: P3 → P2
Summary: Credentials saved twice for same FQDN with differing formSubmitURL → Credentials saved twice for same origin with differing formActionOrigin
You need to log in before you can comment on or make changes to this bug.