Mozilla has quietly closed a 23-year-old Firefox bug

Without fanfare, Mozilla closed a bug in Firefox discovered 23 years ago. This was due to the fact that passwords in GET requests were stored in the browsing history and could subsequently be stolen without much effort.

23-year-old Firefox bug

When the password was sent to the website using a GET request, it was passed as part of the URL. It was visible to the user in the address bar, it was visible in the server logs and, of course, in the browser's navigation history. The scheme is unsafe and seems unacceptable today, but the world was a very different place 23 years ago.

The person who opened the ticket was unhappy when they saw their passwords in the navigation history. Anyone you share your computer with could easily find them. By then this was also commonplace.

However, it's 2024, and the development team has only now fixed the bug. It's good to see that the situation has improved, but it is now hard to find a website that still uses the GET method for user authentication.

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!


Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

Leave a Reply

Your email address will not be published.

Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.