clearing saved passwords possible without master password

Bug #382107 reported by beh
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Mozilla Firefox | Won't Fix | Wishlist | |
firefox-3.0 (Ubuntu) | Invalid | Wishlist | Unassigned |

Bug Description

When clearing private data (Tools -> Clear Private Data...), it shouldn't be possible to remove saved passwords without entering the Master Password (if used).

To reproduce
Make a new FF profile (so that you don't lose your passwords), save some passwords with master pw enabled, and delete them with the Clear Private Data dialog. You can even restart Firefox so that you haven't entered the master pw before deletion.

tested in
Firefox 3.10
Kubuntu 9.04 64bit

In , Joshbirnbaum-mozil (joshbirnbaum-mozil) wrote :

Firefox 1.5 no longer has a "Clear All" button.

If someone has physical access to a computer, there will always be a way for them to remove traces of their actions. It's just a question about how much you want to pretend that they can't, and how noticeable the deletion will be after the fact.

See bug 266945 for a Password Manager specific discussion.

In , Mills47460 (mills47460) wrote :

I do not feel that the "tools - Options" section should be available to everyone who uses a computer, just those who know the master password.

John Vivirito (gnomefreak) wrote :

I'm changing package to ubufox since I can't remember if ubufox handles it or firefox does. I am fairly sure it is firefox.
I will check sometime soon on this.

affects: firefox (Ubuntu) → firefox-3.0 (Ubuntu)
Changed in firefox-3.0 (Ubuntu):
importance: Undecided → Wishlist
status: New → Incomplete
John Vivirito (gnomefreak) wrote :

Sorry for the above comment; this is a Firefox bug. Can you please file this bug upstream with Mozilla at:
https://bugzilla.mozilla.org/
Please drop the link to upstream bug report on this bug so we can track it.

beh (beh) wrote :

I'm sorry, but I just couldn't do it. I tried, but Bugzilla messed everything up (due to pressing an arrow key in the wrong place, I suspect) and I lost all I had written (they have such a complicated bug report form).

It seems that they are changing the Clear Private Data dialog (https://bugzilla.mozilla.org/show_bug.cgi?id=472226) for FF 3.5, and that is good enough for me.

However, I still think that this is kind of a security issue, because changing (deleting in this case) saved passwords is possible without the master password, and it shouldn't be ignored totally by all (if anybody can confirm this).

Anyway, thanks for the quick response.

btw, I'm really using FF 3.0.10, not 3.10, sorry about that.

John Vivirito (gnomefreak) wrote :

That bug is only about a UI change, not the password bug that you reported here.
Found the upstream bug report. Attaching now.

In , John Vivirito (gnomefreak) wrote :

This happens in Linux as well; here is the Ubuntu bug related to this.

https://bugs.launchpad.net/firefox/+bug/382107

Changed in firefox:
status: Unknown → New
In , Highmind63 (highmind63) wrote :

*** Bug 498748 has been marked as a duplicate of this bug. ***

In , Highmind63 (highmind63) wrote :

Confirming, for investigation. This might be a privacy boost of sorts, but consider the fact that history can still be deleted (as well as cookies and passwords) through other mechanisms, making this kind of futile.

Changed in firefox:
status: New → Confirmed
In , Johnath (johnath) wrote :

I think this is WONTFIX, but not because I'm not sympathetic, just because I think a) we've mitigated the problem somewhat, and b) doing more than that wouldn't really help things.

As to the mitigation - the new Clear Recent History dialog in Firefox 3.5 makes it harder for this kind of impulsive clearing to have the really exciting consequences Alan describes in comment 0. We don't offer to clear bookmarks or saved passwords at all any more, so the real loss here would be awesomebar contents, cookies, and form autocomplete. But the fact that we provide a time span feature (with a 1-hour default) also makes it much less likely that the daughter in question here would wipe out everything. So I assert that the bug, as reported, would not have occurred with our new dialog the way it did with the old one.

Further, making CRH ask for a master password would ignore the multitude of other ways that exist within the browser and without to damage or delete profile and history data. The Master Password is a combination lock to protect saved passwords from prying eyes, but it is not a "login to the browser" feature in the general sense and even if it were, it would still only prevent stealing of private information, not deletion. A local user logged into your machine can delete things at any point - and a sufficiently motivated or mortified teenager might be among the most adept at doing so.

Because I think things are substantially better now (she likely would have just used Private Browsing mode, if she was poking around in the tools menu) and because the perceived incremental win here isn't really a win, and does not justify the code cost, I'm marking this WONTFIX. Thanks for pinging it, Natch.

Changed in firefox:
status: Confirmed → Won't Fix
Changed in firefox:
importance: Unknown → Wishlist
dino99 (9d9) wrote :

This is no longer a supported version.

Changed in firefox-3.0 (Ubuntu):
status: Incomplete → Invalid