Closed
Bug 496306
Opened 15 years ago
Closed 14 years ago
Cookies should be encrypted when saved on disk
Categories
(Firefox :: Security, enhancement)
People
(Reporter: eyalsoha+bugzilla, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10

On websites that require a log-in, such as gmail, some have a "Remember me" option to save me the effort of logging in each time. This is done by having a cookie saved on my computer. For my gmail account and others, stealing my cookies is as good as having my gmail password. I believe that if a Firefox user enables the Master Password for his password manager, it should also password protect all the cookies.

Reproducible: Always

Steps to Reproduce:
1. Enable the password manager and use a Master Password
2. Log in to gmail or another site and select "Remember Me"
3. Close Firefox
4. Restart Firefox. When asked for the master password, click "Cancel"
5. Browse to www.gmail.com

Actual Results:
Cookies sent to gmail and my inbox is visible without ever entering a password.

Expected Results:
Cookies can't be decrypted without the master password. They are not sent to gmail. gmail shows me a log-in screen.

Software to search through a user's profile directory and extract all the passwords from the password manager already exists. The master password thwarts that software. Cookies are just as valuable as passwords today and should be protected as well.
Updated•14 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE