From dff6372b2bb6bc80f5899b322406857e15597799 Mon Sep 17 00:00:00 2001
From: trytomakeyouprivate
 <113100745+trytomakeyouprivate@users.noreply.github.com>
Date: Fri, 27 Oct 2023 00:49:42 +0000
Subject: [PATCH] added formfill bugs

The original bug is very old and dead, maybe its still reproducible but I couldnt do it

But there are two new bugs, one about the clarification that the formdata will not be separated by URL origin, which could be a security risk, and another one about some weird bug with wrong input, when using some weird keyboard.

If this is such a vulnerable component, its probably best to keep it off
---
 user.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/user.js b/user.js
index 4798b8a..89cf4e7 100644
--- a/user.js
+++ b/user.js
@@ -337,7 +337,9 @@ user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: fa
  * [NOTE] We also clear formdata on exit (2811)
  * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history
  * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html
- * [2] https://bugzilla.mozilla.org/381681 ***/
+ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1487441 Formfill will not be restricted to origin
+ * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1629520 Virtual keyboards can cause wrong infos to be put in
+ * [4] https://bugzilla.mozilla.org/381681 very old bug, reproducability questionable, tricky sites could get formfill data***/
 user_pref("browser.formfill.enable", false);
 /* 0815: disable tab-to-search [FF85+]
  * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search