Closed
Bug 148520
Opened 22 years ago
Closed 22 years ago
window.prompt is returning a saved password instead of prompting.
Categories
(SeaMonkey :: Passwords & Permissions, defect)
SeaMonkey
Passwords & Permissions
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: dbaron, Assigned: cavin)
References
Details
Attachments
(1 file)
(deleted),
patch
|
morse
:
review+
jst
:
superreview+
|
Details | Diff | Splinter Review |
This is a bug on the trunk but not the branch. I wonder if it could be related
to bug 147022.
I'm seeing a situation where window.prompt is using a saved password instead of
prompting me. I'm not sure what the saved password is from -- it could be saved
from either a website or from HTTP-auth, since I use it for a bunch of things.
It's getting filled in when I use a bookmark of the URL
javascript:id=document.getSelection();if(!id){void(id=prompt('Show Mozilla bug
no.',''))}if(id)location.href='http://bugzilla.mozilla.org/show_bug.cgi?id='+escape(id)+'
'
Someone else reported a similar problem with a POP password being filled in to a
googlesearch button.
Reporter | ||
Comment 2•22 years ago
|
||
I'm not sure if this really needs to be security-sensitive since it's trunk
only. However, in any case, filing was prompted by this message (which dawn
forwarded to drivers since she was worried about whether it was on the branch),
and I had been seeing the similar problem reported above.
Date: Sat, 01 Jun 2002 14:09:33 +0200
Subject: Mozilla security bug report
From: Andreas Richter <ar242@uni.de>
To: security@mozilla.org
GoogleSearch browser button submits pop3 password to Google
The GoogleSearch browser button
(http://www.google.com/options/netscape6.html) uses JavaScript to open a
pop-up box for submitting search terms to Google. However, if a POP3
password from Mail & Newsgroups is stored in password manager, no pop-up
box appears and the stored password gets submitted to Google instead,
appearing as search term in Google's results. This happens only if
mailbox passwords are stored in password manager alone. If other
passwords such as web site logins are stored alongside pop3 passwords,
the browser button functions as expected and no password gets submitted.
This happens with trunk nightly build 2002053104 on WinXP and Win2000,
and also appeared in the previous days' builds.
Attachment Google1.png: Expected result
Attachment Google2.png: Submitted password (using "My_Password" as
stored pop3 password)
Comment 3•22 years ago
|
||
cc'ing the reporter of the pop password problem plus the guilty parties from bug
147022
Whiteboard: bzbarsky@mit.edu
Reporter | ||
Updated•22 years ago
|
Whiteboard: bzbarsky@mit.edu
Reporter | ||
Comment 4•22 years ago
|
||
This was caused by the following checkin to singsign.cpp:
----------------------------
revision 1.216
date: 2002/05/28 05:35:35; author: timeless%mac.com; state: Exp; lines: +1
-1Bugzilla Bug 147022 Crash when calling prompt() with 2 arguments
[@nsACString::Last]
The theory is that the string was "" but the code only handled (char*)0 for
empty strings,
The result is a crash in Last() for an empty string.
r=bzbarsky sr=jst
Reporter | ||
Comment 5•22 years ago
|
||
Comment 6•22 years ago
|
||
Comment on attachment 85906 [details] [diff] [review]
proposed fix
Are there plans for making Last() on an empty string not crash?
Either way, sr=jst
Attachment #85906 -
Flags: superreview+
Comment 7•22 years ago
|
||
Comment on attachment 85906 [details] [diff] [review]
proposed fix
r=morse
Attachment #85906 -
Flags: review+
Comment 8•22 years ago
|
||
reassigning to holder of bug 147022
Assignee | ||
Comment 10•22 years ago
|
||
Fix checked into the trunk on behalf of David Baron.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment 12•22 years ago
|
||
nominating since it's required to fix 94775
Comment 13•22 years ago
|
||
I'd argue the security flag ought to be removed from this bug. It is a security
problem, but it's only a problem for about a week of nightly builds (20020527
through 20020603) on the trunk in which there were no milestone releases. To the
best of our knowledge there were no vendor releases (no sane vendor would
release off a mid-milestone trunk build).
Therefore we should open this up so we can point testers at this bug as a reason
to get off the 5/27-6/3 builds ASAP. I don't believe this warrants a listing on
the vulnerabilities page since there was no release containing this flaw.
Listing every little transient problem will only obscure the serious ones.
I will send mail to security-group as per the process at
http://mozilla.org/projects/security/security-bugs-policy.html
Comment 14•22 years ago
|
||
adding adt1.0.1+ for checkin to the branch along with 94775 and 147022. Please
get drivers approval before checking in.
Comment 16•22 years ago
|
||
Verified fix checked into MOZILLA_1_0_BRANCH
Status: RESOLVED → VERIFIED
Keywords: fixed1.0.1 → verified1.0.1
Comment 17•22 years ago
|
||
*** Bug 148989 has been marked as a duplicate of this bug. ***
Updated•22 years ago
|
Group: security?
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•