This is a bug on the trunk but not the branch. I wonder if it could be related to bug 147022. I'm seeing a situation where window.prompt is using a saved password instead of prompting me. I'm not sure what the saved password is from -- it could be saved from either a website or from HTTP-auth, since I use it for a bunch of things. It's getting filled in when I use a bookmark of the URL javascript:id=document.getSelection();if(!id){void(id=prompt('Show Mozilla bug no.',''))}if(id)location.href='http://bugzilla.mozilla.org/show_bug.cgi?id='+escape(id)+' ' Someone else reported a similar problem with a POP password being filled in to a googlesearch button.

marking as security sensitive

I'm not sure if this really needs to be security-sensitive since it's trunk only. However, in any case, filing was prompted by this message (which dawn forwarded to drivers since she was worried about whether it was on the branch), and I had been seeing the similar problem reported above. Date: Sat, 01 Jun 2002 14:09:33 +0200 Subject: Mozilla security bug report From: Andreas Richter <ar242@uni.de> To: security@mozilla.org GoogleSearch browser button submits pop3 password to Google The GoogleSearch browser button (http://www.google.com/options/netscape6.html) uses JavaScript to open a pop-up box for submitting search terms to Google. However, if a POP3 password from Mail & Newsgroups is stored in password manager, no pop-up box appears and the stored password gets submitted to Google instead, appearing as search term in Google's results. This happens only if mailbox passwords are stored in password manager alone. If other passwords such as web site logins are stored alongside pop3 passwords, the browser button functions as expected and no password gets submitted. This happens with trunk nightly build 2002053104 on WinXP and Win2000, and also appeared in the previous days' builds. Attachment Google1.png: Expected result Attachment Google2.png: Submitted password (using "My_Password" as stored pop3 password)

cc'ing the reporter of the pop password problem plus the guilty parties from bug 147022

This was caused by the following checkin to singsign.cpp: ---------------------------- revision 1.216 date: 2002/05/28 05:35:35; author: timeless%mac.com; state: Exp; lines: +1 -1Bugzilla Bug 147022 Crash when calling prompt() with 2 arguments [@nsACString::Last] The theory is that the string was "" but the code only handled (char*)0 for empty strings, The result is a crash in Last() for an empty string. r=bzbarsky sr=jst

Comment on attachment 85906 [details] [diff] [review] proposed fix Are there plans for making Last() on an empty string not crash? Either way, sr=jst

Comment on attachment 85906 [details] [diff] [review] proposed fix r=morse

reassigning to holder of bug 147022

really reassigning this time.

Fix checked into the trunk on behalf of David Baron.

Nominating nsbeta1.

nominating since it's required to fix 94775

I'd argue the security flag ought to be removed from this bug. It is a security problem, but it's only a problem for about a week of nightly builds (20020527 through 20020603) on the trunk in which there were no milestone releases. To the best of our knowledge there were no vendor releases (no sane vendor would release off a mid-milestone trunk build). Therefore we should open this up so we can point testers at this bug as a reason to get off the 5/27-6/3 builds ASAP. I don't believe this warrants a listing on the vulnerabilities page since there was no release containing this flaw. Listing every little transient problem will only obscure the serious ones. I will send mail to security-group as per the process at http://mozilla.org/projects/security/security-bugs-policy.html

adding adt1.0.1+ for checkin to the branch along with 94775 and 147022. Please get drivers approval before checking in.

Fix landed in the branch.

Verified fix checked into MOZILLA_1_0_BRANCH

*** Bug 148989 has been marked as a duplicate of this bug. ***