A USB drive can be used to exfiltrate all the saved passwords from Firefox

RESOLVED INVALID

Status

Firefox
Untriaged
4 months ago
4 months ago

People

(Reporter: JuliaTheMad, Unassigned)

Tracking

45 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 months ago
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 20170419042421

Steps to reproduce:

Used a USB drive and downloaded a simple tool and created an autoexec.bat file.


Actual results:

I got all of the saved passwords from Firefox and several other programs I have on my computer just by plugging the drive in.


Expected results:

Nothing (probably)

Unless you use the "Master Password" feature, Firefox relies on the operating system to protect user data. Use a password on your account and lock it when you step away from the keyboard. If you share the computer, set up at least a guest account (for transient borrowing) or multiple user accounts with non-administrator permissions.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 months ago
Resolution: --- → INVALID