Cookies should be encrypted when saved on disk

RESOLVED DUPLICATE of bug 19184

Status

enhancement
10 years ago
8 years ago

People

(Reporter: eyalsoha+bugzilla, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

(Reporter)

Description

10 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10

On websites that require a log-in, such as gmail, some have a "Remember me" option to save me the effort of logging in each time.  This is done by having a cookie saved on my computer.  For my gmail account and others, stealing my cookies is as good as having my gmail password.

I believe that if a Firefox user enables the Master Password for his password manager, it should also password protect all the cookies.

Reproducible: Always

Steps to Reproduce:
1. Enable the password manager and use a Master Password
2. Log-in to gmail or another site and select "Remember Me"
3. Close Firefox
4. Restart Firefox.  When asked for the master password, click "Cancel"
5. Browse to www.gmail.com

Actual Results:
Cookies are sent to gmail and my inbox is visible without ever entering a password.

Expected Results:  
Cookies can't be decrypted without the master password.  They are not sent to gmail.  gmail shows me a log-in screen.

Software to search through a user's profile directory and extract all the passwords from the password manager already exists.  The master password thwarts that software.

Cookies are just as valuable as passwords today and should be protected as well.

Comment 1

10 years ago
part of bug 19184

Updated

8 years ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 19184