Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!

Avatar for Username

Pomoc přepytać

Hladajće so wobšudstwa pomocy. Njenamołwimy was ženje, telefonowe čisło zawołać, SMS pósłać abo wosobinske informacije přeradźić. Prošu zdźělće podhladnu aktiwitu z pomocu nastajenja „Znjewužiwanje zdźělić“.

Learn More

Tuta nitka je so archiwowała. Prošu stajće nowe prašenje, jeli pomoc trjebaće.

Are my password on the local PC not protected?

  • 1 wotmołwa
  • 0 ma tutón problem
  • 3 napohlady
  • Poslednja wotmołwa wot cor-el

nikitakirenkov
nikitakirenkov
more options

Hi, I've been using Firefox for decades and been saving passwords in it without any second thoughts, thinking they were fully secure.

Today I had to install a Yandex Browser for my work for the first time in my life (on a new clean Windows 10). It also asked to "make changes on my device", and I rejected it. What happened next absolutely terrified me. It immediately grabbed all the tabs, the sessions and, most importantly, the years worth of passwords from my Firefox. Does it mean that they just lie there unprotected, and any random piece of code even without the administrative privileges can just take them? I'm pretty sure I didn't click anything related to legitimate data sync.

Hi, I've been using Firefox for decades and been saving passwords in it without any second thoughts, thinking they were fully secure. Today I had to install a Yandex Browser for my work for the first time in my life (on a new clean Windows 10). It also asked to "make changes on my device", and I rejected it. What happened next absolutely terrified me. It immediately grabbed all the tabs, the sessions and, most importantly, the years worth of passwords from my Firefox. Does it mean that they just lie there unprotected, and any random piece of code even without the administrative privileges can just take them? I'm pretty sure I didn't click anything related to legitimate data sync.
Připowěsnjene fota wobrazowki

Wot nikitakirenkov změnjeny

Wubrane rozrisanje

Are you using the Primary Password to protect the logins with an extra layer of protection? If not then merely having access to logins.json and key4.db (encryption key) is sufficient to decrypt the logins. The logins stored in logins.json are encrypted with a key stored in key4.db, so having access to both files is sufficient to decrypt the logins. The PP encrypts the encryption key stored in key4.db, so you need to enter this PP to be able to unlock the logins.

Tutu wotmołwu w konteksće čitać 👍 1

Wšě wotmołwy (1)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Wubrane rozrisanje

Are you using the Primary Password to protect the logins with an extra layer of protection? If not then merely having access to logins.json and key4.db (encryption key) is sufficient to decrypt the logins. The logins stored in logins.json are encrypted with a key stored in key4.db, so having access to both files is sufficient to decrypt the logins. The PP encrypts the encryption key stored in key4.db, so you need to enter this PP to be able to unlock the logins.