On Tue, Jan 20, 2015 at 10:39:21AM +0900, Mike Hommey wrote: > On Mon, Jan 19, 2015 at 05:05:48PM -0800, Josh Triplett wrote: > > On Tue, Jan 20, 2015 at 07:56:16AM +0900, Mike Hommey wrote: > > > On Mon, Jan 19, 2015 at 08:38:07AM -0800, Josh Triplett wrote: > > > > Package: iceweasel > > > > Version: 32.0-1 > > > > Severity: important > > > > Tags: security > > > > > > > > iceweasel seems to have some kind of debugging message that logs values > > > > filled > > > > in by the password manager, producing lines like these: > > > > > > > > Jan 19 08:35:10 thin iceweasel.desktop[21101]: field value: > > > > Jan 19 08:35:10 thin iceweasel.desktop[21101]: selectedLogin value: > > > > j...@joshtriplett.org > > > > Jan 19 08:35:14 thin iceweasel.desktop[21101]: field value: > > > > j...@joshtriplett.org > > > > Jan 19 08:35:14 thin iceweasel.desktop[21101]: selectedLogin value: > > > > j...@joshtriplett.org > > > > > > What if you turn javascript.options.showInConsole to false? > > > > No change; all of those messages still appear. > > Where are these showing up? for what site? Does it happen if you > downgrade to 31 or upgrade to 35?
Any site for which I have a username and password remembered in the password manager. gandi.net, patreon.com, twitter.com, ... It doesn't seem to happen in 35. - Josh Triplett -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
