User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-GB; rv:188.8.131.52) Gecko/20090715 Firefox/3.5.1 Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-GB; rv:184.108.40.206) Gecko/20090715 Firefox/3.5.1 Maybe not a bug with the software but thought you might be interested in this link... http://thepiratebay.org/torrent/5040248/FireFox.PassWord.SteaLer.-DEMaND A quote from the description says "Hello, I am just starting coding in C++ so I decided to make this to practice. This Firefox Stealer finds the Firefox passwords in the computer, decodes them and uploads them to an FTP server " Sorry I haven't downloaded and tried the application (not my thing) but if it does what it claims there may be cause to beef up the password security. Reproducible: Always
Firefox stealers require the application (Stealer) to be on the end-users computer for it to work. Windows passwords are stored in the SAM file and Linux passwords in the etc/passwd (Now etc/shadow I think) and these are both easily crackable (Length dependant) Firefox has to store passwords some way, and since it cannot use 1-way encryption (It actually has to recover the passwords), and partially due to the fact Firefox is Open-Source, finding the passwords using an external program is rather simple. Now, if the person was able to do that remotely, now THAT would be a problem :)
Why is this surprising for you if you run such software under your useraccount. This software can do everything that your Account permitts. If you run under a windows Administrator Account the software could install a keylogger to get passwords. Setting a masterpassword helps to protect the Firefox passowrd file if you use a good password. marking invalid, no security risk
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.