So this guy is engaged to some girl, and he goes to dating web pages. Firefox asks him to save his password and he says "no", so far so good.
The next day his fiancee uses the computer and logs in using her own windows profile, for some twisted reason checks the password manager and sees his fiancee's dating site passwords!
Couple breaks up
When different users on one system choose to save or not save passwords for sites, any other user can see sites they not only saved passwords for but can also see what other users have been saving/never saving passwords for.
Reproducible: Always
Steps to Reproduce:
1. Create 2 unique user accounts (for steps sake, let's call the two accounts
Joe and Mary) in Windows XP Home.
2. Logout and sign-in under Joe.
3. Open Firefox and go to an e-mail site or to jdate.com or wherever.
4. Attempt to log-in to the site so that Firefox will ask whether or not you
want your password saved.
5. Choose not to save the password.
6. After successfully logging in and having selected the "never save password"
option, logout.
7. Log-in as Mary and open Firefox.
8. Browse, browse, browse... but you don't really have to. Just go to "View
Saved Passwords," click on the tab that will show you sites to never save
passwords for, and you'll see whatever painful site Joe denied to save a
password for.
9. Break-up with fiancé.
Help us make a better browser :)