Open Bug 312321 Opened 19 years ago Updated 16 years ago

on ftp user:password@site is not hidden in download-managers source column

Categories

(SeaMonkey :: Security, defect)

1.7 Branch
x86
Windows 98
defect
Not set
normal

Tracking

(Not tracked)

People

(Reporter: pbm.de, Unassigned)

References

(Depends on 1 open bug)

Details

User-Agent: Mozilla/5.0 (Windows; U; Win98; de-AT; rv:1.7.10) Gecko/20050716
Build Identifier: Mozilla/5.0 (Windows; U; Win98; de-AT; rv:1.7.10) Gecko/20050716

If logging into an ftp page the classic way (ftp://user:password@somewhere.com), the user and password are permanently visible in the download manager's source column (not wiped after the download has finished). Same problem with the browser's history window. This might be a security flaw, because no one wants usernames and corresponding passwords to be visible to other users on the machine. Seems to be independent of OS.

Reproducible: Always

Steps to Reproduce:
1. Type in an ftp address in the classical way: ftp://user:password@ftp.adr
2. Complete address including username/password is stored in the most recently visited sites.
3. If a download is started, the complete address including username/password is visible and stored in the source column of the download manager.

Actual Results:
After downloading or looking in site history, username/password is still visible to other users of this machine.

Expected Results:
User/Password@ should be deleted after download has ended. User/password@ should not be visible in site history.
The history part is bug 130327
Group: security
Status: UNCONFIRMED → NEW
Depends on: 130327
Ever confirmed: true
Summary: on ftp user:password@site is not hidden in download-managers source column; same in browsers history → on ftp user:password@site is not hidden in download-managers source column
Can you reproduce with SeaMonkey v1.1.9 ? Can you reproduce with SeaMonkey v2.0a1pre ?
Assignee: dveditz → nobody
Version: unspecified → 1.7 Branch
(In reply to comment #2)
> Can you reproduce with SeaMonkey v1.1.9 ?
> Can you reproduce with SeaMonkey v2.0a1pre ?

Reproducible with SeaMonkey v1.1.9, not tested with v2.0a1pre
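One way to get the expected behaviour from the report, written as an added example that is not SeaMonkey code: strip the `user:password@` part before a URL reaches a stored or displayed field, and audit rows that were stored earlier. `redactUserinfo()`, `auditEntries()` and the sample rows are hypothetical names and constructed data; the code assumes a runtime with the standard `URL` class.

```javascript
// Added example (not SeaMonkey code). redactUserinfo() and auditEntries() are
// hypothetical helpers; the URLs below are constructed sample data.

// Return the URL with any user:password@ part removed. Keep the original
// string for the network request; store and display only the redacted form.
function redactUserinfo(rawUrl) {
  try {
    const url = new URL(rawUrl);
    const hadCredentials = url.username !== "" || url.password !== "";
    url.username = "";
    url.password = "";
    return { display: url.href, hadCredentials };
  } catch (e) {
    // Not parseable as a URL: still cut everything up to the last "@" that
    // appears before the first "/", "?" or "#" so nothing leaks.
    const raw = String(rawUrl);
    const display = raw.replace(/^([a-z][a-z0-9+.-]*:\/\/)[^\/?#]*@/i, "$1");
    return { display, hadCredentials: display !== raw };
  }
}

// Audit already-stored rows (download list, history) for leftover credentials.
function auditEntries(entries) {
  return entries
    .map((e) => ({ id: e.id, ...redactUserinfo(e.source) }))
    .filter((e) => e.hadCredentials)
    .map((e) => ({ id: e.id, redacted: e.display }));
}

// Constructed download-manager rows.
const sampleRows = [
  { id: 1, source: "ftp://user:password@ftp.adr/pub/file.zip" },
  { id: 2, source: "ftp://ftp.adr/pub/mail@list.txt" }, // "@" in the path only
  { id: 3, source: "ftp://user:p@ss@ftp.adr/x" },       // raw "@" in the password
  { id: 4, source: "ftp://user@ftp.adr/" },             // user name without password
];

for (const hit of auditEntries(sampleRows)) {
  console.log(`row ${hit.id} stored credentials; show as ${hit.redacted}`);
}
```

Redacting at write time matters more than redacting at display time, because the download list and history are persisted to the profile on disk.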