Nine years on, Firefox’s master password is still insecure

  • 0 Replies
  • 213 Views
*

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • 10557
Nine years on, Firefox’s master password is still insecure
« on: March 20, 2018, 12:23:34 PM »
Developer Wladimir Palant (of Adblock Plus fame) has uncovered a big security weakness in the way Firefox secures browser passwords behind a master password.

Firefox users who save browser passwords without a master key are, in theory, protected from attackers with access to their computer by encryption.
The problem is described here:
https://nakedsecurity.sophos.com/2018/03/20/nine-years-on-firefoxs-master-password-is-still-insecure/

Microsoft MVP Consumer Security 2006-2016
Microsoft Windows Insider MVP 2016-