Password overwritten with space characters after editing a login in about:logins
Categories
(Firefox :: about:logins, defect, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr60 | --- | unaffected |
firefox-esr68 | --- | unaffected |
firefox69 | --- | unaffected |
firefox70 | + | verified |
firefox71 | --- | verified |
People
(Reporter: ddurst, Assigned: MattN)
References
(Regression)
Details
(Keywords: dataloss, regression, Whiteboard: [passwords:management] [skyline])
Attachments
(1 file)
(deleted),
text/x-phabricator-request
|
Details |
I have 4 saved logins. Reveal password (for two of them) shows only blanks, no matter what mode I'm in. If I edit and add characters to one of those "blank" passwords, then... then I still see blanks for the characters I did not change, but I do see the characters I do change. But if I add a new login, this doesn't happen.
In addition, if I try to use the (unedited) other blank password when logging in, inspection shows that the value being attempted is actually just blanks. That login was
Created: August 29, 2019
Last modified: September 16, 2019
Last used: September 13, 2019
If I delete the offending login and re-save it, it appears fine in about:logins thereafter.
Updated•5 years ago
|
Assignee | ||
Comment 1•5 years ago
|
||
I will look into whether we can use the .value
setter instead of .defaultValue
in some cases to avoid the @value attribute disclosing the password. I believe we don't use .value
because it causes the field to be "dirty" for form validation but that would only be a problem for the new login form I think.
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Comment 2•5 years ago
|
||
[Tracking Requested - why for this release]: dataloss in the new about:logins
I think the more accurate/likely description would be that editing of saved login overwrote your password with spaces.
Assignee | ||
Comment 3•5 years ago
|
||
The previous approach of using space characters would sometimes end up causing spaces to get saved in storage and cause data loss.
Tracking since we may want to uplift to beta.
Comment 6•5 years ago
|
||
bugherder |
Assignee | ||
Comment 7•5 years ago
|
||
bugherder uplift |
I have verified this issue on the latest Nightly 71.0a1 (Build ID 20190923215658) build and the Firefox Beta 70.0b9 (Build ID: 20190923154733) (64-bit) on Windows 7, MacOS 10.14 and Arch 4.14.
- The "value" attribute and the password is no longer displayed using inspector tool with or without a master password set in the following situations:
- Creating a new login.
- Editing a saved login.
- Revealing the password.
- Inspecting the password of a login item.
Updated•5 years ago
|
Updated•5 years ago
|
Updated•3 years ago
|
Description
•