Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!

Avatar for Username

Kërkoni te Asistenca

Shmangni karremëzime gjoja asistence. S’do t’ju kërkojmë kurrë të bëni një thirrje apo të dërgoni tekst te një numër telefoni, apo të na jepni të dhëna personale. Ju lutemi, raportoni veprimtari të dyshimtë duke përdorur mundësinë “Raportoni Abuzim”.

Learn More

Kjo rrjedhë është arkivuar. Ju lutemi, bëni një pyetje të re, nëse keni nevojë për ndihmë.

Are my password on the local PC not protected?

  • 1 përgjigje
  • 0 e kanë hasur këtë problem
  • 3 parje
  • Përgjigjja më e re nga cor-el

nikitakirenkov
nikitakirenkov
more options

Hi, I've been using Firefox for decades and been saving passwords in it without any second thoughts, thinking they were fully secure.

Today I had to install a Yandex Browser for my work for the first time in my life (on a new clean Windows 10). It also asked to "make changes on my device", and I rejected it. What happened next absolutely terrified me. It immediately grabbed all the tabs, the sessions and, most importantly, the years worth of passwords from my Firefox. Does it mean that they just lie there unprotected, and any random piece of code even without the administrative privileges can just take them? I'm pretty sure I didn't click anything related to legitimate data sync.

Hi, I've been using Firefox for decades and been saving passwords in it without any second thoughts, thinking they were fully secure. Today I had to install a Yandex Browser for my work for the first time in my life (on a new clean Windows 10). It also asked to "make changes on my device", and I rejected it. What happened next absolutely terrified me. It immediately grabbed all the tabs, the sessions and, most importantly, the years worth of passwords from my Firefox. Does it mean that they just lie there unprotected, and any random piece of code even without the administrative privileges can just take them? I'm pretty sure I didn't click anything related to legitimate data sync.
Foto të bashkëngjitura ekrani

Ndryshuar nga nikitakirenkov

Zgjidhje e zgjedhur

Are you using the Primary Password to protect the logins with an extra layer of protection? If not then merely having access to logins.json and key4.db (encryption key) is sufficient to decrypt the logins. The logins stored in logins.json are encrypted with a key stored in key4.db, so having access to both files is sufficient to decrypt the logins. The PP encrypts the encryption key stored in key4.db, so you need to enter this PP to be able to unlock the logins.

Lexojeni këtë përgjigje brenda kontekstit 👍 1

Krejt Përgjigjet (1)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Zgjidhja e Zgjedhur

Are you using the Primary Password to protect the logins with an extra layer of protection? If not then merely having access to logins.json and key4.db (encryption key) is sufficient to decrypt the logins. The logins stored in logins.json are encrypted with a key stored in key4.db, so having access to both files is sufficient to decrypt the logins. The PP encrypts the encryption key stored in key4.db, so you need to enter this PP to be able to unlock the logins.