Bug#775755: Logs usernames filled into login dialogs
Josh Triplett
josh at joshtriplett.org
Tue Jan 20 02:33:15 UTC 2015
On Tue, Jan 20, 2015 at 11:19:06AM +0900, Mike Hommey wrote:
> On Mon, Jan 19, 2015 at 05:56:46PM -0800, Josh Triplett wrote:
> > On Tue, Jan 20, 2015 at 10:39:21AM +0900, Mike Hommey wrote:
> > > On Mon, Jan 19, 2015 at 05:05:48PM -0800, Josh Triplett wrote:
> > > > On Tue, Jan 20, 2015 at 07:56:16AM +0900, Mike Hommey wrote:
> > > > > On Mon, Jan 19, 2015 at 08:38:07AM -0800, Josh Triplett wrote:
> > > > > > Package: iceweasel
> > > > > > Version: 32.0-1
> > > > > > Severity: important
> > > > > > Tags: security
> > > > > >
> > > > > > iceweasel seems to have some kind of debugging message that logs values filled
> > > > > > in by the password manager, producing lines like these:
> > > > > >
> > > > > > Jan 19 08:35:10 thin iceweasel.desktop[21101]: field value:
> > > > > > Jan 19 08:35:10 thin iceweasel.desktop[21101]: selectedLogin value: josh at joshtriplett.org
> > > > > > Jan 19 08:35:14 thin iceweasel.desktop[21101]: field value: josh at joshtriplett.org
> > > > > > Jan 19 08:35:14 thin iceweasel.desktop[21101]: selectedLogin value: josh at joshtriplett.org
> > > > >
> > > > > What if you turn javascript.options.showInConsole to false?
> > > >
> > > > No change; all of those messages still appear.
> > >
> > > Where are these showing up? for what site? Does it happen if you
> > > downgrade to 31 or upgrade to 35?
> >
> > Any site for which I have a username and password remembered in the
> > password manager. gandi.net, patreon.com, twitter.com, ...
> >
> > It doesn't seem to happen in 35.
>
> Does it happen with 31? I can't reproduce with either version, and you
> still didn't tell where that log is showing up?
I'd prefer not to downgrade Firefox; I've encountered non-trivial
problems with my profile when I've done so in the past.
And when you said "Where are these showing up?", I thought you meant
"where on the web", which I answered; I didn't realize you meant "what
log".
They show up in Firefox's stdout or stderr. Once upon a time they would
have ended up in .xsession-errors; now they end up in user.log and the
journal.
A quick search for "field value" and "selectedLogin value" shows other
reports of firefox producing this output.
- Josh Triplett
More information about the pkg-mozilla-maintainers
mailing list