Closed Bug 902419 Opened 11 years ago Closed 11 years ago

Master password should block access to cookies/active logins when not entered

Categories

(Firefox :: Security, enhancement, P5)

Product:
Firefox
Component:
Security
Version:
23 Branch
Platform:
x86_64
Windows 7
Type:
enhancement

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: matthew.leather, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0 (Beta/Release)
Build ID: 20130730113002

Steps to reproduce:

Enter an incorrect master password


Actual results:

Still able to access sites where the login is already active.


Expected results:

Should be unable to access these sites from a security standpoint.

Would also help to have a guest session system to prevent the enter your password spam from the master password when it's not entered.
Component: Untriaged → Security
Works as expected on Latest Nightly

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0(20130827030201)

> Steps to reproduce:
> Enter an incorrect master password

> Actual results:
> Still able to access sites where the login is already active.
This is expected to happen.

> Expected results:
> Should be unable to access these sites from a security standpoint.
This is not expected to happen. If you enter an incorrect master password in Options->Security->Saved Password you are not allowed to see the sites where you are already logged and theyr passwords. For example: 

1. login to facebook, and check keep me logged in option. 
2. Go to Options->Security and set a Master Password
3. Reopen Firefox and go to www.facebook.com

Expected:
After step 3 you must pe automatically loged in you fb account from step 1.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
Severity: normal → enhancement
Priority: -- → P5
You need to log in before you can comment on or make changes to this bug.