s83/user.js
1
0
Fork 0
mirror of https://github.com/arkenfox/user.js.git synced 2025-04-29 21:43:36 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

add 0903 ref link

Browse source 
Leaky Forms: A Study of Email and Password Exfiltration Before Form Submission
This commit is contained in:
Thorin-Oakenpants 2022-05-11 14:51:28 +00:00 committed by GitHub
parent 3207478033
commit cb92b8e243
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
user.js
View file

@ -400,7 +400,8 @@ user_pref("security.password_lifetime", 5); // [DEFAULT: 30]
* can leak in cross-site forms *and* be spoofed * can leak in cross-site forms *and* be spoofed
* [NOTE] Username & password is still available when you enter the field * [NOTE] Username & password is still available when you enter the field
* [SETTING] Privacy & Security>Logins and Passwords>Autofill logins and passwords * [SETTING] Privacy & Security>Logins and Passwords>Autofill logins and passwords
* [1] https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/ ***/ * [1] https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/
* [2] https://homes.esat.kuleuven.be/~asenol/leaky-forms/ ***/
user_pref("signon.autofillForms", false); user_pref("signon.autofillForms", false);
/* 0904: disable formless login capture for Password Manager [FF51+] ***/ /* 0904: disable formless login capture for Password Manager [FF51+] ***/
user_pref("signon.formlessCapture.enabled", false); user_pref("signon.formlessCapture.enabled", false);