javascript problems: fail to reset password in bugzilla.mozilla.org

[higuita]

Forgot my old password, tried to reset the password in the bugzilla.mozilla.org and also migrate it to passwordhasherplus... After entering the reset link, i enter the master password and used the shortcut to hash the password on both fields, but mozilla always report that the password is different.

This happen in several sites that have javascript managing/checking the login and more common in the reset password.

So next with the issue #3, we really need a new way to enter the password hash to avoid any javascript from reading the wrong content, either by accident or by bad intentions

[simu]

I'm aware and was waiting on Firefox enabling support for OOP extensions on all platforms (cf. Bugzilla 1357487) because that was the root cause of the focus restore issues (cf. Bugzilla 1459560) which prevented a merge of dialog_in_page_action, which will change the addon so that you never enter your master password in the website's form fields.

Looking at the bug reports on Bugzilla, OOP extensions seem to be turned on on all platforms now, so pending a check (#19) I will release a new version that will prevent any JavaScript from reading the master password.

[simu]

Release v2.5.0, which is available from addons.mozilla.org should address the issue of site javascript interfering with the addon, as the new implementation presents the master password input field in a page action instead of reusing the password field of the website.