InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Overriding nsLoginManager.js "off".......

https://forums.informaction.com/viewtopic.php?t=1407

Page 1 of 1

Overriding nsLoginManager.js "off".......

Posted: Tue May 19, 2009 8:39 pm
by luntrus
Hi forum members,

What are the security implications of adding the following two lines to Firefox's nsLoginManager.js file, e.g.
comment out the following lines:

Code: Select all

if (element && element.hasAttribute("autocomplete") &&
    element.getAttribute("autocomplete").toLowerCase() == "off")
    return true;
This is overriding the, default settings to enable the Firefox password manager for all websites, even those that request that the feature be disabled. Some folks that like complete control over their browser and what it does want to implement this, but why should this be an unwise thing to do? Like to hear your arguments pro and contra,

luntrus

Re: Overriding nsLoginManager.js "off".......

Posted: Wed May 20, 2009 12:20 am
by GµårÐïåñ
Off the top of my head I can imagine that this mod to the file might get replaced by an update which might leave it not functioning as expected. Additionally, can't this be achieved more efficiently using network.automatic-ntlm-auth.trusted-uris instead of modifying the file? I can't quite think of a security implication though, I'll think about it some more.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited