MozillaZine

Signon.autofillForms

From MozillaZine Knowledge Base

The title given to this article is incorrect due to technical limitations. The correct title is signon.autofillForms.

This article describes the preference signon.autofillForms. To add, delete, or modify this preference, you will need to edit your configuration — do not edit this article.

Contents

[edit]

Background

Firefox’s Password Manager can expose usernames and passwords on websites with cross-site forms (that is, HTML forms that submit to other domains). This includes many sites that will display unsanitized user-submitted content, such as MySpace.

As an initial defense against such attacks, this preference was created to prevent the Password Manager from auto-filling form fields with usernames and passwords.

[edit]

Possible values and their effects

[edit]

True

Automatically fill sign-in forms with known usernames and passwords on appropriate sites. (Default)

[edit]

False

Do not automatically fill sign-in forms with known usernames and passwords; instead, act as though there are multiple usernames/password pairs remembered for the form (fill password after username has been manually typed).

[edit]

Recommended settings

If you use the Password Manager in Firefox to store your passwords, setting this preference to false will prevent the mentioned attack from succeeding.

[edit]

First checked in

2006-12-01 by Mike Connor

[edit]

Has an effect in

  • Mozilla Firefox (nightly trunk builds since 2006-12-01)
[edit]

Related bugs

[edit]

Related preferences

[edit]

External links

Retrieved from "http://kb.mozillazine.org/Signon.autofillForms"