From 9a37e1340c430cc9953f6a73226f286d12bd9746 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Thu, 20 Aug 2020 17:18:22 +0000
Subject: [PATCH] 0905: add reference, #982

---
 user.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/user.js b/user.js
index 26169cb..00e738d 100644
--- a/user.js
+++ b/user.js
@@ -542,7 +542,8 @@ user_pref("security.password_lifetime", 5);
 /* 0905: disable auto-filling username & password form fields
  * can leak in cross-site forms *and* be spoofed
  * [NOTE] Username & password is still available when you enter the field
- * [SETTING] Privacy & Security>Logins and Passwords>Autofill logins and passwords ***/
+ * [SETTING] Privacy & Security>Logins and Passwords>Autofill logins and passwords
+ * [1] https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/ ***/
 user_pref("signon.autofillForms", false);
 /* 0909: disable formless login capture for Password Manager [FF51+] ***/
 user_pref("signon.formlessCapture.enabled", false);