Unauthorized aaved credit card data: CVV
Hello. I recently made a purchase online, on a site that does have my credit card info. As expected, Firefox did autofill the address (which I've authorized), and it did not autofill the credit card number (whoch I've never authorized). However, the CVV and expiry date DID show up as autofill options.
According to following Mozilla page, the CVV is never supposed to be saved.
https://support.mozilla.org/en-US/kb/credit-card-autofill
I'd like to delete this information from Firefox, but there's no credit card field to delete under Settings->Privacy, presumably because I've never allowed it to be saved before.
This hasn't happened before, so far as I can recall. I'm working on an up-to-date Windows 10 machine, and running Firefox 144.0. I don't know when it updated last, but the "About" splash says it's current.
Thank you for your help.
All Replies (3)
Firefox has a separate "form history" feature that can remember/suggest data from similarly named form fields across the web. To remove a form history item, you typically can press the down arrow from the field to highlight a suggestion (for very long lists, you can type the first character in the field to filter it) and then press the Delete key to remove it. Does that work on the fields you do not want filled? Problem is, it could happen again. For more info on that feature, see: Control whether Firefox automatically fills in forms.
One other thought:
Sometimes Firefox thinks that a CVV field I filled is a password field because it is masked with asterisks, just like a password field. So it may then suggest updating the saved username/password for the site. No! Bad fox!
I suggest checking Firefox's password manager to make sure the CVV wasn't saved there, and be very careful when saving/updating logins for sites that Firefox isn't picking random masked fields.
Reference: Password Manager - Remember, delete and edit logins and passwords in Firefox
jscher2000 - Support Volunteer said
One other thought: Sometimes Firefox thinks that a CVV field I filled is a password field because it is masked with asterisks, just like a password field. So it may then suggest updating the saved username/password for the site. No! Bad fox! I suggest checking Firefox's password manager to make sure the CVV wasn't saved there, and be very careful when saving/updating logins for sites that Firefox isn't picking random masked fields. Reference: Password Manager - Remember, delete and edit logins and passwords in Firefox
Thank you for the quick reply, @jscher2000.
I checked the Firefox passwords manager, and it's empty (as expected since I don't allow password saves), so that's not the problem. But I'll definitely check the generic form-filling using the method you described next opportunity I have.
My main concern, though, is that this has never happened before. I gather (based on the link I posted above) that Firefox is specifically meant never to save the CVV, irrespective of other form-filling features.
For that reason, I wonder if this is a security bug introduced in the latest update.
Thank you again for your response.
You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.