Bug#542724: marked as done (add default js-bookmark that allows users to force remembering passwords on a given site)

[Debian Bug Tracking System]

Your message dated Sun, 14 Sep 2025 09:33:13 +0200
with message-id <3192feeb-1bba-ceb7-884f-72e71ef84...@debian.org>
and subject line iceweasel has been superseded by firefox-esr
has caused the Debian Bug report #542724,
regarding add default js-bookmark that allows users to force remembering 
passwords on a given site
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
542724: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542724
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: iceweasel
Version: 3.0.12-1
Severity: wishlist


Hi.

Some sites, e.g. PayPal prevent users from using the password manager, by adding autocomplete=off to their forms.

There are quite some was to circumvent this starting from patching /usr/lib/xulrunner-1.9/components/nsLoginManager.js, spearate extensions, to a bookmark code.

I'd suggest that this bookmark code is added to the default bookmarks created by the package for new profiles with some reasonable title and description.

e.g.:
Title: Force passwords to be remembered on this site

Description: Some sites are blocking the password remembering function by adding "autocomplete=off" to their form-elements. "Opening" this bookmark on such a site removes these attributes and allows to circumvent these blocks.

Location:
javascript:(function(){function%20R(w){try{var%20a,df,dfe,i,j,x,y,r=1;df=w.document.forms;for(i=0;x=df[i];++i){dfe=x.elements;if(a=x.onsubmit){a=""}if(a=x.attributes["autocomplete"]){a.value="on"}for(j=0;y=dfe[j];++j){if(a=y.attributes["autocomplete"]){a.value="on"}}}}catch(E){r=0}return%20r}R(self);var%20i,x;for(i=0;x=frames[i];++i)R(x)})()

The reason why I suggest inclusion is:

Although users should be able to find similar code themselves on the internet, this could allow phishers to trap them with evil code. It would be better if the distribution already contains a "safe" version.

The above version supports frames and is from:
http://kb.mozillazine.org/User_name_and_password_not_remembered


Best wishes,
Chris.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-heisenberg (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages iceweasel depends on:

ii debianutils 3.2.1 Miscellaneous utilities specific t ii fontconfig 2.6.0-4 generic font configuration library

ii  libc6                         2.9-25     GNU C Library: Shared libraries
ii  libglib2.0-0                  2.20.4-1   The GLib library of C routines
ii  libgtk2.0-0                   2.16.5-1   The GTK+ graphical user interface
ii  libnspr4-0d                   4.8-1      NetScape Portable Runtime Library
ii  libstdc++6                    4.4.1-2    The GNU Standard C++ Library v3
ii  procps                        1:3.2.8-1  /proc file system utilities

ii psmisc 22.8-1 utilities that use the proc file s

ii  xulrunner-1.9                 1.9.0.13-1 XUL + XPCOM application runner

iceweasel recommends no packages.

Versions of packages iceweasel suggests:
pn  latex-xft-fonts               <none>     (no description available)
pn  libkrb53                      <none>     (no description available)
ii  mathematica-fonts [ttf-mathem 9          Installer of Mathematica fonts
pn  mozplugger                    <none>     (no description available)
ii  xfonts-mathml                 3          Type1 Symbol font for MathML
pn  xprint                        <none>     (no description available)

ii xulrunner-1.9-gnome-support 1.9.0.13-1 Support for GNOME in xulrunner app

-- no debconf information

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

--- End Message ---

--- Begin Message ---

Version: 115.12.0esr-1+rm

src:iceweasel has been superseded by src:firefox-esr in version 45.0esr-1 in March 2016. Transitional packages to ease upgrades were provided in the wheezy, jessie, stretch and buster releases. The transitional packages have been removed finally before the bullseye release in August 2021. After regular security support for buster ended in August 2022 and LTS support ended in June 2024, I'm closing the remaining bug reports now.

Andreas

--- End Message ---