Closed
Bug 997203
Opened 11 years ago
Closed 11 years ago
Hacking Firefox to Always Auto Save Password Without Showing Notification
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: shivakumarmca12, Unassigned)
Details
Attachments
(2 files)
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:28.0) Gecko/20100101 Firefox/28.0 (Beta/Release)
Build ID: 20140314220517
Steps to reproduce:
Download PowerArchiver and install it on your computer. This is used to open and edit Firefox files. Make sure that Firefox is not running while following the further procedure. Exit Firefox, if running and move to next step.
Go to C:\Program Files\Mozilla Firefox and look for omni.ja file. Note: Before moving to next step, make sure you have a backup of omni.ja file. If you want to restore your original Firefox settings, you need this default omni.ja file.
Open this file using PowerArchiver. You will see all the files present inside omni.ja. Go to jsloader\resources\gre\components and delete nsLoginManagerPrompter.js file.
Go back to the root folder of omni.ja file and navigate to components folder. In that folder, open nsLoginManagerPrompter.js file using Notepad++. In Notepad++, search for _showSaveLoginNotification function. Now, you have to edit this function as shown in the screenshot.
Replace all the function contents with this:
var pwmgr = this._pwmgr;
pwmgr.addLogin(aLogin);
Actual results:
Save the file and allow PowerArchiver to overwrite the file in omni.ja.
That’s it! Your Firefox is completely configured to auto save passwords without confirmation. Run your Firefox and login to any online account. Firefox will save passsword without asking any for permission. To view saved passwords in Firefox, go to Tools -> Options and hit on Security tab. Then click on Saved Passwords button. In the prompt, click on Show Passwords and you will be able to see saved passwords
Comment 2•11 years ago
|
||
Yes, if you modify Firefox files you can make it do anything you want. Firefox extensions can also do this.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
If this issue can be duplicated then it should not be considered as invalid and if it is resolved share us the way it is resolved
You need to log in
before you can comment on or make changes to this bug.
Description
•