Bug#790498: iceweasel: upgrading from jessie makes all passwords in the password manager invalid
Török Edwin
edwin at etorok.net
Mon Jun 29 20:28:02 UTC 2015
Package: iceweasel
Version: 38.0.1-5
Severity: grave
Justification: causes non-serious data loss
Dear Maintainer,
I have upgraded Iceweasel from jessie (31.7.0esr-1~deb8u1) to testing and
suddenly none of my saved passwords worked, and the password manager doesn't
even show all the websites
that have stored passwords in the jessie version.
I am still able to login to my websites if I manually type in the correct
password (and tell iceweasel to save the updated passwords),
however using the prefilled passwords doesn't work, and looking up the
passwords in the password manager and pressing show password
reveals the wrong password.
When I press show passwords most passwords look like base64 (a-zA-Z0-9+/)
whereas the original passwords had a combination of alphanumeric and symbols.
If I downgrade to the version in jessie then the passwords work correctly again
(including the ones overwritten by the testing version of iceweasel).
I tried to create a new account just for the purpose of testing this bug, but
the site and associated password doesn't show up at all when upgrading
iceweasel (and is visible again when downgrading),
haven't figured out so far what makes a site/user/password "survive" the
upgrade.
I've marked the bug as 'causes data loss', because initially that is what I
thought happened when none of the passwords worked, and I'm still not sure how
safe the data in the password manager is
across upgrades/downgrades (so far downgrading has restored all passwords, but
I can't be sure it'll stay that way).
-- Package-specific info:
-- Extensions information
Name: Certificate Patrol
Location: ${PROFILE_EXTENSIONS}/CertPatrol at PSYC.EU.xpi
Status: enabled
Name: Click-to-Play Manager
Location: ${PROFILE_EXTENSIONS}/click-to-play-manager at xulforge.com.xpi
Status: enabled
Name: Default theme
Location: /usr/lib/iceweasel/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}
Package: iceweasel
Status: enabled
Name: It's All Text!
Location: ${PROFILE_EXTENSIONS}/itsalltext at docwhat.gerf.org
Status: enabled
Name: Live HTTP headers
Location: ${PROFILE_EXTENSIONS}/{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
Status: enabled
Name: uBlock Origin
Location: ${PROFILE_EXTENSIONS}/uBlock0 at raymondhill.net.xpi
Status: enabled
-- Plugins information
-- Addons package information
ii iceweasel 38.0.1-5 amd64 Web browser based on Firefox
-- System Information:
Debian Release: 8.1
APT prefers stable
APT policy: (900, 'stable'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages iceweasel depends on:
ii debianutils 4.4+b1
ii fontconfig 2.11.0-6.3
ii libasound2 1.0.28-1
ii libatk1.0-0 2.14.0-1
ii libc6 2.19-18
ii libcairo2 1.14.0-2.1
ii libdbus-1-3 1.8.18-0+deb8u1
ii libdbus-glib-1-2 0.102-1
ii libevent-2.0-5 2.0.21-stable-2
ii libffi6 3.1-2+b2
ii libfontconfig1 2.11.0-6.3
ii libfreetype6 2.5.2-3
ii libgcc1 1:4.9.2-10
ii libgdk-pixbuf2.0-0 2.31.1-2+b1
ii libglib2.0-0 2.42.1-1
ii libgtk2.0-0 2.24.25-3
ii libhunspell-1.3-0 1.3.3-3
ii libnspr4 2:4.10.7-1
ii libnss3 2:3.17.2-1.1
ii libpango-1.0-0 1.36.8-3
ii libsqlite3-0 3.8.7.1-1+deb8u1
ii libstartup-notification0 0.12-4
ii libstdc++6 4.9.2-10
ii libvpx2 1.4.0-4
ii libx11-6 2:1.6.2-3
ii libxcomposite1 1:0.4.4-1
ii libxdamage1 1:1.1.4-2+b1
ii libxext6 2:1.3.3-1
ii libxfixes3 1:5.0.1-2+b2
ii libxrender1 1:0.9.8-1+b1
ii libxt6 1:1.1.4-1+b1
ii procps 2:3.3.9-9
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages iceweasel recommends:
ii gstreamer1.0-libav 1.4.4-2
ii gstreamer1.0-plugins-good 1.4.4-2
Versions of packages iceweasel suggests:
ii fonts-mathjax 2.4-2
ii fonts-oflb-asana-math 000.907-6
ii fonts-stix [otf-stix] 1.1.1-1
ii libcanberra0 0.30-2.1
ii libgnomeui-0 2.24.5-3
ii libgssapi-krb5-2 1.12.1+dfsg-19
pn mozplugger <none>
-- no debconf information
More information about the pkg-mozilla-maintainers
mailing list