Overriding nsLoginManager.js "off".......

General discussion about the NoScript extension for Firefox
Post Reply
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

Overriding nsLoginManager.js "off".......

Post by luntrus » Tue May 19, 2009 8:39 pm

Hi forum members,

What are the security implications of adding the following two lines to Firefox's nsLoginManager.js file, e.g.
comment out the following lines:

Code: Select all

if (element && element.hasAttribute("autocomplete") &&
    element.getAttribute("autocomplete").toLowerCase() == "off")
    return true;

This is overriding the, default settings to enable the Firefox password manager for all websites, even those that request that the feature be disabled. Some folks that like complete control over their browser and what it does want to implement this, but why should this be an unwise thing to do? Like to hear your arguments pro and contra,

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b5pre) Gecko/20090518 Shiretoko/3.5b5pre

User avatar
Lieutenant Colonel
Posts: 3347
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Overriding nsLoginManager.js "off".......

Post by GµårÐïåñ » Wed May 20, 2009 12:20 am

Off the top of my head I can imagine that this mod to the file might get replaced by an update which might leave it not functioning as expected. Additionally, can't this be achieved more efficiently using network.automatic-ntlm-auth.trusted-uris instead of modifying the file? I can't quite think of a security implication though, I'll think about it some more.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv: Gecko/2009042316 Firefox/3.0.10

Post Reply