Open Bug 635439 Opened 10 years ago Updated 6 years ago

Remove doorhanger key icon when "Not now" is selected in Password Save doorhanger

Categories

Product: Firefox
Component: Security
Type: defect
Priority: Not set
Severity: major

Tracking

Tracking Status
blocking2.0 --- -

People

(Reporter: ben.r.xiao, Unassigned)

Details

(Keywords: privacy, Whiteboard: [doorhanger])

User-Agent:       Mozilla/5.0 (Windows NT 6.1; rv:2.0b12pre) Gecko/20110218 Firefox/4.0b12pre
Build Identifier: Mozilla/5.0 (Windows NT 6.1; rv:2.0b12pre) Gecko/20110218 Firefox/4.0b12pre

In Fx4, you can no longer choose "Don't Save" when it asks you whether you want to save your password. You can only hide the doorhanger notification, not dismiss it completely. This is a huge attack vector because other users can click on the doorhanger key icon, save the password, and then view what the password is in the password manager.

The behavior of the "Not Now" option in the doorhanger submenu should be changed to "Don't Save", where any password information that Firefox was about to save is DELETED and the doorhanger key icon is REMOVED.

Here are two usage scenarios that I see where the lack of "Don't Save" is
severely detrimental. Let's say that a user is using a public computer and
needs to print an email. He leaves the computer to retrieve the pages he's
printed.

*Without "Don't Save"
1.) User logs in to email.
2.) He sees Password Save doorhanger. Dismisses (hides) it because he does not
want to save password.
3.) Prints email and leaves computer to retrieve pages from printer.
4.) ATTACK VECTOR: Another user reopens doorhanger, saves password, opens
Password Manager, writes down password.

*With "Don't Save"
1.) User logs in to email.
2.) He sees Password Save doorhanger. Selects "Don't Save For Now". Doorhanger
completely disappears.
3.) Prints email and leaves computer to retrieve pages from printer.
4.) ATTACK PREVENTED: Another user sees email account is open, but cannot reopen the doorhanger and access password. The worst he can do is send insulting emails to your
girlfriend, but at least your password is safe.

I really hope this makes it clear why this feature is needed. This is a huge
security hole for people using Firefox in Internet cafes or public schools.
This is also a huge regression in functionality from Fx 3.6, which did offer a
"don't save for now" option in the form of the X button.



Now before you WONTFIX this, let me refute all of the reasons against this that I've heard so far.

1.) Adds UI Clutter.

We already have a "Not Now" option that currently just hides the doorhanger. This is redundant since users can already hide the doorhanger by clicking on the X button or on web content. Redundancy is UI clutter. Let's change this option to behave like "Don't Save" and make it useful.


2.) Set a master password.

This option might work for private computers, but it is completely invalid for public computers. Why would you set a master password on a public computer?


3.) Just select "Never Remember Password For This Site".

Just because I don't want my password saved doesn't mean that I should decide that other users can't save their passwords on that site.


4.) If you don't trust the computer you're using, it's already Game Over. For all
you know they're running a modified Firefox that steals your password. But
other workarounds would be to close the tab, or better yet start Private
Browsing mode.

Not a valid argument. This is like saying a computer might have a keylogger and
therefore we should make Firefox save all passwords because it is unavoidable
anyways. We're not talking about modified versions of Firefox here. We're
talking about a flaw that makes it damned easy for people with UNMODIFIED
versions of Firefox to steal YOUR personal info. Firefox, being a safe and
secure browser, should not in any way AID in the stealing of passwords.



Reproducible: Always
Keywords: privacy
Version: unspecified → Trunk
Whiteboard: [doorhanger]
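A hypothetical model of the pending-login state the report describes, written as an added example and not Firefox's own code (the class, method and field names are assumptions): it replays the two scenarios and shows why "Not Now" leaves the credential recoverable through the key icon while discarding it on "Don't Save" closes that path.

```javascript
// Hypothetical doorhanger model (added example, not Firefox code).
class PasswordDoorhanger {
  constructor(store) {
    this.store = store;        // saved logins: array of {site, user, pass}
    this.pending = null;       // login awaiting a user decision
    this.visible = false;      // prompt panel open?
    this.keyIconShown = false; // anchor key icon still in the URL bar?
  }
  // After a login form submits, offer to save the credential.
  offerToSave(login) {
    this.pending = login;
    this.visible = true;
    this.keyIconShown = true;
  }
  // Reported behaviour: "Not Now" hides the panel but keeps the pending login.
  notNow() {
    this.visible = false;
  }
  // Requested behaviour: "Don't Save" drops the login and removes the key icon.
  dontSave() {
    this.pending = null;
    this.visible = false;
    this.keyIconShown = false;
  }
  // Clicking the key icon reopens the panel only while a login is pending.
  clickKeyIcon() {
    if (this.keyIconShown && this.pending !== null) this.visible = true;
    return this.visible;
  }
  // "Remember Password" commits whatever is still pending to the store.
  remember() {
    if (!this.visible || this.pending === null) return false;
    this.store.push(this.pending);
    this.pending = null;
    this.visible = false;
    this.keyIconShown = false;
    return true;
  }
}
// Replay the report's two scenarios with a constructed credential; returns how
// many logins end up stored after a second person reopens the prompt.
function runScenario(dismiss) {
  const store = [];
  const dh = new PasswordDoorhanger(store);
  dh.offerToSave({ site: "mail.example", user: "alice", pass: "constructed" });
  dismiss(dh);       // first user dismisses the prompt and walks away
  dh.clickKeyIcon(); // another user clicks the key icon
  dh.remember();     // and tries to save the login
  return store.length;
}
```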
I can confirm the problematic behavior on Mozilla/5.0 (X11; Linux x86_64; rv:2.0b12pre) Gecko/20110218 Firefox/4.0b12pre ID:20110218045138
Confirming this bug - key hangs around when dismissed rather than saving password, allowing user to revisit/enable a password.
Severity: normal → major
Status: UNCONFIRMED → NEW
blocking2.0: --- → ?
Ever confirmed: true
Not WONTFIXING yet, but this is not a blocker.
blocking2.0: ? → -
(In reply to comment #3)
> Not WONTFIXING yet, but this is not a blocker.

Can you please explain the rationale to WONTFIX? This is equivalent to people inadvertently writing passwords on a post-it note and sticking it to their monitors.