Without fanfare, Mozilla has closed a Firefox bug that was discovered 23 years ago. The problem was that passwords sent in GET requests were stored in the browsing history, where they could later be stolen without much effort.
When the password was sent to the website using a GET request, it was passed as part of the URL. It was visible to the user in the address bar, it was visible in the server logs and, of course, in the browser's navigation history. The scheme is unsafe and seems unacceptable today, but the world was a very different place 23 years ago.
The person who opened the ticket was unhappy to see their passwords in the navigation history, where anyone sharing the computer could easily find them. At the time, that was commonplace too.
However, it's 2024, and the development team has only now fixed the bug. It's good to see that the situation has improved, but it is now hard to find a website that still uses the GET method for user authentication.
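Because a GET-submitted password also lands in server logs, as described above, the following added example (not from the original article or from Mozilla) scans access-log lines for credential-bearing query parameters and redacts them. The parameter-name list, the Common Log Format layout and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumed parameter names that commonly carry credentials; extend for your app.
SENSITIVE = {"password", "passwd", "pwd", "pass", "secret", "token"}

# Request line inside a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_target(target):
    """Return (redacted_target, [names of sensitive params found])."""
    parts = urlsplit(target)
    found, pairs = [], []
    # parse_qsl percent-decodes, so an encoded '&' inside a value is handled.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            found.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    if not found:
        return target, found
    return urlunsplit(parts._replace(query=urlencode(pairs))), found

def scan_line(line):
    """Return (possibly redacted line, findings) for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, []
    redacted, found = redact_target(m.group("target"))
    if not found:
        return line, []
    start, end = m.span("target")
    return line[:start] + redacted + line[end:], found

# Constructed sample log lines (documentation IP range, fictional paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2024:12:00:01 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jan/2024:12:00:05 +0000] "GET /search?q=firefox+history HTTP/1.1" 200 2048',
    '203.0.113.9 - - [10/Jan/2024:12:01:10 +0000] "GET /auth?Pwd=s%26cret&next=%2Fhome HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        redacted, found = scan_line(line)
        if found:
            print("credential in URL:", found)
            print("  ", redacted)
```

Redacting logs only limits exposure after the fact; the password has still travelled in the URL, so the form itself should be switched to POST.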