funsec mailing list archives
Satire? You decide: Bugzilla Bug 330884
From: "Fergie" <fergdawg () netzero net>
Date: Wed, 22 Mar 2006 18:46:02 GMT
Props to John Murrell over on GMSV. Enjoy. ;-)

[snip]

Bugzilla Bug 330884:

Summary: When different users on one system choose to save or not save passwords for sites, any other user can see sites they not only saved passwords for but can also see what other users have been saving/never saving passwords for.

Reproducible: Always

Steps to Reproduce:
1. Create 2 unique user accounts (for steps sake, let's call the two accounts Joe and Mary) in Windows XP Home.
2. Logout and sign-in under Joe.
3. Open Firefox and go to an e-mail site or to jdate.com or wherever.
4. Attempt to log-in to the site so that Firefox will ask whether or not you want your password saved.
5. Choose not to save the password.
6. After successfully logging in and having selected the "never save password" option, logout.
7. Log-in as Mary and open Firefox.
8. Browse, browse, browse ... but you don't really have to. Just go to "View Saved Passwords," click on the tab that will show you sites to never save passwords for, and you'll see whatever painful site Joe denied to save a password for.
9. Break-up with fiancé."

--A Firefox user who now has the free time to follow up on browser privacy issues

[snip]

http://blogs.siliconvalley.com/gmsv/2006/03/quoted_17.html

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg () netzero net or fergdawg () sbcglobal net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.