[Secure-testing-team] Bug#775755: Logs usernames filled into login dialogs
Josh Triplett
josh at joshtriplett.org
Mon Jan 19 16:38:07 UTC 2015
Package: iceweasel
Version: 32.0-1
Severity: important
Tags: security

iceweasel seems to have some kind of debugging message that logs values filled
in by the password manager, producing lines like these:

    Jan 19 08:35:10 thin iceweasel.desktop[21101]: field value:
    Jan 19 08:35:10 thin iceweasel.desktop[21101]: selectedLogin value: josh at joshtriplett.org
    Jan 19 08:35:14 thin iceweasel.desktop[21101]: field value: josh at joshtriplett.org
    Jan 19 08:35:14 thin iceweasel.desktop[21101]: selectedLogin value: josh at joshtriplett.org

- Josh Triplett

-- Package-specific info:
-- Extensions information
Name: Adblock Plus
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Package: xul-ext-adblock-plus
Status: enabled
Name: Default theme
Location: /usr/lib/iceweasel/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}
Package: iceweasel
Status: enabled
Name: HTTPS-Everywhere
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/https-everywhere at eff.org
Package: xul-ext-https-everywhere
Status: enabled
Name: It's All Text!
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/itsalltext at docwhat.gerf.org
Package: xul-ext-itsalltext
Status: enabled
-- Plugins information
Name: Gnome Shell Integration
Location: /usr/lib/mozilla/plugins/libgnome-shell-browser-plugin.so
Package: gnome-shell
Status: enabled
Name: iTunes Application Detector
Location: /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so
Package: rhythmbox-plugins
Status: enabled
-- Addons package information
ii  gnome-shell    3.14.2-3+b1  amd64  graphical shell for the GNOME des
ii  iceweasel      32.0-1       amd64  Web browser based on Firefox
ii  rhythmbox-plug 3.1-1        amd64  plugins for rhythmbox music playe
ii  xul-ext-adbloc 2.6.6+dfsg-1 all    advertisement blocking extension
ii  xul-ext-https- 4.0.2-3      all    extension to force the use of HTT
ii  xul-ext-itsall 1.8.1-2      all    extension to edit textareas using
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.18.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages iceweasel depends on:
ii debianutils 4.4+b1
ii fontconfig 2.11.0-6.3
ii libasound2 1.0.28-1
ii libatk1.0-0 2.14.0-1
ii libc6 2.19-13
ii libcairo2 1.14.0-2.1
ii libdbus-1-3 1.8.14-1
ii libdbus-glib-1-2 0.102-1
ii libevent-2.0-5 2.0.21-stable-2
ii libffi6 3.1-2+b2
ii libfontconfig1 2.11.0-6.3
ii libfreetype6 2.5.2-2
ii libgcc1 1:4.9.2-10
ii libgdk-pixbuf2.0-0 2.31.1-2+b1
ii libglib2.0-0 2.42.1-1
ii libgtk2.0-0 2.24.25-1
ii libhunspell-1.3-0 1.3.3-3
ii libnspr4 2:4.10.7-1
ii libnss3 2:3.17.2-1.1
ii libpango-1.0-0 1.36.8-3
ii libsqlite3-0 3.8.7.4-1
ii libstartup-notification0 0.12-4
ii libstdc++6 4.9.2-10
ii libvpx1 1.3.0-3
ii libx11-6 2:1.6.2-3
ii libxext6 2:1.3.3-1
ii libxrender1 1:0.9.8-1+b1
ii libxt6 1:1.1.4-1+b1
ii procps 2:3.3.9-8
ii zlib1g 1:1.2.8.dfsg-2+b1
iceweasel recommends no packages.
Versions of packages iceweasel suggests:
pn fonts-mathjax <none>
pn fonts-oflb-asana-math <none>
pn fonts-stix | otf-stix <none>
ii libcanberra0 0.30-2.1
ii libgnomeui-0 2.24.5-3
ii libgssapi-krb5-2 1.12.1+dfsg-16
pn mozplugger <none>
-- no debconf information
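
Added example, not part of the original report or of iceweasel: a check that scans a syslog or journal text export for the two message shapes quoted in the report, records which process logged a non-empty value without keeping the value, and rewrites those lines with the value redacted. The sample log is constructed in the report's line format with placeholder values, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the line format quoted in the report (placeholder values).
SAMPLE_LOG = """\
Jan 19 08:35:10 thin iceweasel.desktop[21101]: field value:
Jan 19 08:35:10 thin iceweasel.desktop[21101]: selectedLogin value: user at example.org
Jan 19 08:35:14 thin iceweasel.desktop[21101]: field value: user at example.org
Jan 19 08:35:14 thin iceweasel.desktop[21101]: selectedLogin value: user at example.org
Jan 19 08:36:02 thin systemd[1]: Started Session 4 of user demo.
"""

# timestamp, host, tag[pid]: then one of the two message prefixes and the value
LEAK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<tag>[^\s\[]+)\[(?P<pid>\d+)\]:\s"
    r"(?P<key>field|selectedLogin) value:[ \t]*(?P<value>.*)$"
)

def find_leaks(text):
    """Return one record per matching line; the logged value itself is not kept."""
    hits = []
    for line in text.splitlines():
        m = LEAK_RE.match(line)
        if m:
            value = m.group("value").strip()
            hits.append({
                "ts": m.group("ts"), "tag": m.group("tag"),
                "pid": int(m.group("pid")), "key": m.group("key"),
                "leaked": bool(value), "length": len(value),
            })
    return hits

def redact(text):
    """Return the log with every non-empty matched value replaced by a marker."""
    out = []
    for line in text.splitlines():
        m = LEAK_RE.match(line)
        if m and m.group("value").strip():
            line = line[:m.start("value")] + "[REDACTED]"
        out.append(line)
    return "\n".join(out)

def summarize(hits):
    """Count lines that carried a non-empty value, per (tag, pid, message key)."""
    return Counter((h["tag"], h["pid"], h["key"]) for h in hits if h["leaked"])
```
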