DEBUG FireFox Extension JSON Log

🍱 Features & apps passwords
1

Hello, I have installed the latest Passwords app, tested and the FireFox extension in a Linux environment (2020). Debug logs were created due to "“Could not establish connection. Receiving end does not exist.”

When reviewing the FF extension, v 2.0.4, I noticed that the debug log had critical login information in it, including the username and password. I am concerned that this extension is creating a security hole in the case that debug messages are written. Can I disable the debug feature, or can the logs (in JSON format) be redacted accordingly?

Kind regards,
Jason

1 Like
2

I don’t think that the content of the debug log is an issue since it is not stored or sent anywhere. The log is only kept in RAM and the contents are lost once the browser is closed. So anything in there could be accessed a lot faster trough the extension popup.

Aside from that, that error is a known issue and is worked on.

2 Likes
3

Thank you so much MDW for letting me know the logs are only in RAM. And, thank you for such a great app!

Kind regards,
Jason