I have 4 saved logins. Reveal password (for two of them) shows only blanks, no matter what mode I'm in. If I edit and add characters to one of those "blank" passwords, then... then I still see blanks for the characters I did not change, but I do see the characters I do change. But if I add a new login, this doesn't happen.

In addition, if I try to use the (unedited) other blank password when logging in, inspection shows that the value being attempted is actually just blanks. That login was

Created: August 29, 2019
Last modified: September 16, 2019
Last used: September 13, 2019

If I delete the offending login and re-save it, it appears fine in about:logins thereafter.

I will look into whether we can use the .value setter instead of .defaultValue in some cases to avoid the @value attribute disclosing the password. I believe we don't use .value because it causes the field to be "dirty" for form validation but that would only be a problem for the new login form I think.

[Tracking Requested - why for this release]: dataloss in the new about:logins

I think the more accurate/likely description would be that editing of saved login overwrote your password with spaces.

The previous approach of using space characters would sometimes end up causing spaces to get saved in storage and cause data loss.

Tracking since we may want to uplift to beta.

https://hg.mozilla.org/mozilla-central/rev/8148aceb475d

https://hg.mozilla.org/releases/mozilla-beta/rev/d855eaf4028b

I have verified this issue on the latest Nightly 71.0a1 (Build ID 20190923215658) build and the Firefox Beta 70.0b9 (Build ID: 20190923154733) (64-bit) on Windows 7, MacOS 10.14 and Arch 4.14.

• The "value" attribute and the password is no longer displayed using inspector tool with or without a master password set in the following situations:
  • Creating a new login.
  • Editing a saved login.
  • Revealing the password.
  • Inspecting the password of a login item.