cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
lnee
Strollin' around
Status: New idea

Add the ability to encrypt cookies with the primary password to prevent cookie stealer malware use the same prompt to unencrypt passwords.

6 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

wason
Strollin' around

Yes, this is a good idea. This should also work somewhat like that feature they removed that closed the browser if you didn't enter the primary password right? The browser won't be closed but whoever uses it won't have access to your opened sessions.

xantilas
New member

not just malware (which, running under the same user profile, could probably get hold of cookies anyway), but especially in case your computer is stolen. If cookies were encrypted with the primary password in the same way as logins passwords, no one would be able to get into any web page using stored sessions. I think this should be a must.

 

lnee
Strollin' around

full browser encryption would be nice

smore
New member

I recently had someone attempt to attack me via sending me an executable that would steal all my cookies of saved logins, and then ransom the accounts back to me. I knew not to run the executable or download any files, but I feel like that is just a needless vulnerability when it would be simple enough to just encrypt the cookies.

2meito
New member

Unfortunately, I was a recent victim of one such cookie attack. I was under the guise that since Firefox was touted as such a safe and secure browser, that at the bare minimum, cookies would have some kind of encryption or need for elevated permissions for other programs to access it, but it turns out I was wrong.