Package: mozilla-browser
Version: 2:1.7.8-1
Severity: normal
Mozilla fills in login/password into unrelated/different forms (different URL and different fields). This might or might not be a serious issue, as Mozilla doesn't check the type of the input field: maybe it is possible to fetch login/pw information by hidden fields. In any case, Mozilla fills in data that originally was in a password (== write-only) field into a normal input field (== readable), so if this happened in a public place the password would be plainly visible.

Example: On this URL:

    http://localhost:81/agni//6lD-S0tLJr9G.fcT8-5LvV

I had this login form:

    <form action='/agni//knwA1rztPuK-GBIAqzX82k' method='POST'>
    <input value='ä' name='a' type='hidden' />
    <table>
    <tr> <th>Username: </th> <td><input value='' name='b' type='text' size='20' /></td> </tr>
    <tr> <th>Password: </th> <td><input value='' name='c' type='password' size='20' /></td> </tr>
    <tr> <th> </th> <td><input value='Login' name='d' type='submit' /></td> </tr>
    </table>
    </form>

I typed in login/password and then clicked on the "remember form fields" option in the dialog.

Later, in the same application, I visited a page

    http://localhost:81/agni//8pHHS6b0nJRmzUEJGTtnIF

that had this form (shortened, the real form is much longer):

    <form action='/agni//0iChpze4Lb-uGiL0rBlaNV' method='POST'>
    <input value="ä" name="a" type="hidden">
    <table border="0" cellspacing="2" cellpadding="2">
    <tr>
    <td><img src="/agni//LVzkXc--FV43ApmOk9MtkF" width="32" height="32" border="0" title="" alt=""></td>
    <td> <h1 class="topmost">10.0.0.12</h1> </td>
    </tr>
    </table>
    <table>
    <tr>
    <th align="left">Hostname: </th>
    <td colspan="1"><input value="10.0.0.12" name="b" type="text" size="20"></td>
    <th align="left">Domain: </th>
    <td colspan="1"><input value="" name="c" type="text" size="20"> </td>
    </tr>
    <tr>
    <th align="left">IP Address: </th>
    <td colspan="1"><input value="10.0.0.12" name="d" type="text" size="15"></td>
    <th align="left">Group/Pair: </th>
    <td colspan="1"> [....]
In this form, Mozilla put the original "login" name into the Hostname (b) field, while the password was put into the Domain field (c), where it was plainly visible for all people around.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.14
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages mozilla-browser depends on:
ii  debconf            1.4.58           Debian configuration management sy
ii  libatk1.0-0        1.10.3-1         The ATK accessibility toolkit
hi  libc6              2.3.5-4          GNU C Library: Shared libraries an
ii  libfontconfig1     2.3.2-1.1        generic font configuration library
hi  libfreetype6       2.1.7-2.4        FreeType 2 font engine, shared lib
ii  libgcc1            1:4.0.2-2        GCC support library
ii  libglib2.0-0       2.8.3-1          The GLib library of C routines
ii  libgtk2.0-0        2.6.10-1         The GTK+ graphical user interface
ii  libnspr4           2:1.7.8-1        Netscape Portable Runtime Library
ii  libpango1.0-0      1.8.2-3          Layout and rendering of internatio
ii  libstdc++6         4.0.2-2          The GNU Standard C++ Library v3
ii  libx11-6           6.8.2.dfsg.1-10  X Window System protocol client li
ii  libxext6           6.8.2.dfsg.1-10  X Window System miscellaneous exte
ii  libxft2            2.1.7-1          FreeType-based font drawing librar
ii  libxp6             6.8.2.dfsg.1-10  X Window System printing extension
ii  libxrender1        1:0.9.0-2        X Rendering Extension client libra
ii  libxt6             6.8.2.dfsg.1-10  X Toolkit Intrinsics
ii  psmisc             21.6-1           Utilities that use the proc filesy
ii  xlibs              6.8.2.dfsg.1-10  X Window System client libraries m
ii  zlib1g             1:1.2.3-6        compression library - runtime

Versions of packages mozilla-browser recommends:
ii  mozilla-psm                   2:1.7.8-1  The Mozilla Internet application s
pn  myspell-en-us | myspell-dicti <none>     (no description available)

-- debconf information:
* mozilla/freetype: true
* mozilla/gdkxft_note:
* mozilla/prefs_note:
* mozilla/dsp: none
* mozilla/locale_auto: false
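The following is an added example, not code from the bug report or from Mozilla. It models a browser form-history store in a few lines: naiveFill() reproduces the matching rule the report describes (saved values keyed by field name only, so 'b' and 'c' from the login form are filled into the unrelated host form), while safeFill() shows the checks that prevent a value saved from a password control from landing in a visible text field. The two form shapes are taken from the HTML in the report; the typed values, the origin string and all function names are constructed for the example.

```javascript
// Added example (not from the bug report): a toy model of browser form history,
// showing the unsafe name-only fill rule beside a hardened one.

// Login form from the report: 'b' is the username, 'c' the password.
const loginForm = {
  origin: "http://localhost:81", // assumed origin, taken from the report's URLs
  action: "/agni//knwA1rztPuK-GBIAqzX82k",
  fields: [
    { name: "a", type: "hidden" },
    { name: "b", type: "text" },
    { name: "c", type: "password" },
    { name: "d", type: "submit" },
  ],
};

// Unrelated host-configuration form from the report: same short field names,
// but every input is a plain text control.
const hostForm = {
  origin: "http://localhost:81",
  action: "/agni//0iChpze4Lb-uGiL0rBlaNV",
  fields: [
    { name: "a", type: "hidden" },
    { name: "b", type: "text" },
    { name: "c", type: "text" },
    { name: "d", type: "text" },
  ],
};

// "Remember form fields": store each typed value together with the origin,
// form action and control type it came from, so a later fill can be checked.
function saveFormEntries(form, typedValues) {
  return form.fields
    .filter((f) => Object.prototype.hasOwnProperty.call(typedValues, f.name))
    .map((f) => ({
      origin: form.origin,
      action: form.action,
      name: f.name,
      type: f.type,
      value: typedValues[f.name],
    }));
}

// Unsafe rule (the behaviour the report describes): any saved value whose
// field name matches is filled, regardless of origin, action or control type.
function naiveFill(form, entries) {
  const filled = {};
  for (const field of form.fields) {
    const hit = entries.find((e) => e.name === field.name);
    if (hit) filled[field.name] = hit.value;
  }
  return filled;
}

// Hardened rule: fill only user-visible controls, and only from an entry that
// was saved on the same origin and form action for a control of the same type.
// The type check alone already stops a password value reaching a text field.
function safeFill(form, entries) {
  const filled = {};
  for (const field of form.fields) {
    if (field.type === "hidden" || field.type === "submit") continue;
    const hit = entries.find(
      (e) =>
        e.name === field.name &&
        e.origin === form.origin &&
        e.action === form.action &&
        e.type === field.type,
    );
    if (hit) filled[field.name] = hit.value;
  }
  return filled;
}

// Detection: names of non-password fields that a given fill rule would
// populate with a value originally saved from a password control.
function passwordLeaks(form, entries, fillRule) {
  const filled = fillRule(form, entries);
  return form.fields
    .filter((f) => f.type !== "password" && f.name in filled)
    .filter((f) =>
      entries.some((e) => e.name === f.name && e.type === "password" && e.value === filled[f.name]),
    )
    .map((f) => f.name);
}

// Constructed credentials remembered from the login form.
const remembered = saveFormEntries(loginForm, { b: "alice", c: "hunter2" });

console.log("naive fill of host form:", naiveFill(hostForm, remembered));
console.log("password leaked into:", passwordLeaks(hostForm, remembered, naiveFill));
console.log("safe fill of host form:", safeFill(hostForm, remembered));
```

Run with node; the naive rule fills the saved password into the Domain ('c') text field exactly as the report describes, the leak check names that field, and the hardened rule fills nothing into the host form while still filling the original login form.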