20110907

Problem ID: 6090941966524022008
Entered by: Ben Simo

Never share your computer with your girlfriend


I found this old bug report in the Mozilla bug database. Is exposing liars a bug or a feature? ;)

Bug 330884 - When different users on one system choose to save or not save passwords for sites, any other user can see sites they not only saved passwords for but can also see what other users have been saving/never saving passwords for.
naomirocks 2006-03-17 15:48:21 PST

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1

This privacy flaw has caused my fiancé and I to break-up after having dated for 5 years.

Basically, we share one computer but under separate Windows XP user accounts. We both use Mozilla Firefox -- well, he used to use it more than I do but now we don't really use it. The privacy flaw is this: when he went to log-in under his dating sites (jdate.com, swinglifestyle.com, adultfriendfinder.com, etc.), Mozilla promptly asks whether or not he'd like Firefox to save the passwords for him. He chose never, obviously. However, when he logged off his user account, and I logged onto my Windows XP account X amount of days later, I decided to use Firefox because hey -- it loaded everything much more efficiently, was better to work on with website designs and is a lot more stable than IE7beta2.

Firefox prompted whether or not I'd like it to save my password for logging into my website. I chose never and changed my mind. I went into the Password Manager to change the saved password option from Never to Always and that's when I saw all these other sites that had been selected as "Never Save Password." Of course, those were sites I had never visited or could ever dream of visiting.

Then I realized who, how and what... and sh*t hit the fan. Your browser does not efficiently respect the privacy of different users for one system.

Reproducible: Always

  Edit

0 Comments:

Post a Comment