This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Support
Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

extreme security flaw with autofill from firefox

jack9999
Making moves

‎11-25-2024 04:56 AM - edited ‎11-25-2024 08:50 AM

the autofiller from firefox fills in the password "enter current password" in the android and desktop version when you want (or someone else wants to change respectively see) to change the password for firefox sync (in settings sync).

the password access per fingerprint makes no sense this way. It should not autofill the password for the access to all passwords to be autofilled from the firefox browser.

Also the masterpassword feature makes no sense this way (besides that you can just cancel or check the cross to use all the prefilled passwords of shopping and so one websites).

maybe only few people would always delete the firefox sync password in the pw manager from firefox again and again to prevent this security flaw.

0 Kudos
1 REPLY 1

jack9999
Making moves

‎11-27-2024 06:52 AM - edited ‎11-27-2024 07:16 AM

I know that u can use "exceptions" but most people would not come to this idea. it could be risky.  Most people would also not always "sign out". Also someone else could delete all "exceptions" per "remove all websites" bc this section is not password protected and once the same person returns some days or weeks later everything will be autofilled. this could happen if someone lives with somebody or at the working place when the laptops are left and non surveilled.

0 Kudos
Copyright © 2024 Khoros, LLC