Removing stored passwords should be protected by master password (if set)




Password Manager
6 years ago
4 years ago


(Reporter: Martin Pecka, Unassigned)


12 Branch
Windows 7

Firefox Tracking Flags

(Not tracked)




6 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
Build ID: 20120420145725

Steps to reproduce:

Removing stored passwords using the Show Passwords dialog is not protected by master password prompt.

Actual results:

The master password prompt isn't shown.

Expected results:

IMHO the removal should be protected as the showing of them is. There could be users not remembering their passwords, and an adversary (or just a jokester) could remove all of them without entering the master password.

There is one caveat, though. Imagine you work on a borrowed Firefox with master password set up, and you (by accident) store your password. Then you would be totally helpless.

I know all of these problems would be resolved by forcing the users not to let others use their profile when master password has been entered, but...

Rather than directly resolving the issue, I would like to start a discussion on this topic.

Thanks for your opinions ;)


6 years ago
Severity: normal → minor
Component: Untriaged → Security

Comment 1

6 years ago

If you have set a Master password and you click on the "Show Password" button, it asks for the Master password. If you give a wrong password or just cancel it, it leads you to a window with no saved password list.

So only if a user knows the Master password can he see for which sites Firefox has saved passwords.

Correct me if I am wrong.

Comment 2

6 years ago
(In reply to Abhinav Chittora from comment #1)
You are completely correct. But that is not what I am asking for. I'm talking about the situation when master password has already been entered (former). Then, to show the passwords (not the dialog, but the real passwords), you are asked for the password once more (even though the store has been already unlocked). I say that I think the same elevated protection should apply to removing the passwords.

Comment 3

6 years ago
(In reply to Martin Pecka from comment #2)

Oh, but don't you think that asking for the Master Password when deleting the user password for each website will frustrate the user? I mean, asking for the master password each time he wants to delete a user password can irritate any user (think about it).

Comment 4

This request doesn't make sense to me. The master password should protect the passwords so that nobody can steal your passwords.
Why should a master password be required if you want to delete the passwords?
Anyone can delete your whole Firefox user profile with a few clicks and all the passwords, bookmarks and history are gone!
Severity: minor → enhancement

Comment 5

6 years ago
(In reply to Abhinav Chittora from comment #3)
It could be so that the user is asked only the first time after opening the dialog.
Severity: enhancement → minor
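
The behaviour proposed in comment 5 (re-enter the master password once per opening of the dialog, then allow both showing and removing), as an added example that is not Firefox code. It is a standalone Node.js model; `PasswordDialog`, `makeVerifier`, `checkMaster`, `demo` and the sample credentials are hypothetical and constructed for illustration.

```javascript
const nodeCrypto = require('crypto');

// Store only a salted scrypt hash of the master password, never the password.
function makeVerifier(masterPassword) {
  const salt = nodeCrypto.randomBytes(16);
  return { salt, hash: nodeCrypto.scryptSync(masterPassword, salt, 32) };
}

function checkMaster(verifier, attempt) {
  const hash = nodeCrypto.scryptSync(attempt, verifier.salt, 32);
  return nodeCrypto.timingSafeEqual(hash, verifier.hash); // constant-time compare
}

// One instance per opening of the saved-passwords dialog.
class PasswordDialog {
  constructor(store, verifier, promptFn) {
    this.store = store;       // Map site -> password; the store is already unlocked
    this.verifier = verifier; // null when no master password is set
    this.promptFn = promptFn; // returns the typed password, or null on cancel
    this.confirmed = false;   // re-authentication state, scoped to this dialog
    this.prompts = 0;
  }
  // Prompt until one attempt succeeds, then never again in this dialog.
  _stepUp() {
    if (this.verifier === null || this.confirmed) return true;
    this.prompts += 1;
    const attempt = this.promptFn();
    this.confirmed = attempt !== null && checkMaster(this.verifier, attempt);
    return this.confirmed;
  }
  listSites() { return [...this.store.keys()]; }  // site list needs no step-up
  reveal(site) { return this._stepUp() ? this.store.get(site) : null; }
  remove(site) { return this._stepUp() && this.store.delete(site); }
}

function demo() {
  const verifier = makeVerifier('correct horse');  // constructed sample values
  const store = new Map([['example.org', 'hunter2'], ['example.net', 's3cret']]);
  // Someone at the unlocked browser who cancels the prompt.
  const stranger = new PasswordDialog(store, verifier, () => null);
  const removedByStranger = stranger.remove('example.org');
  const revealedToStranger = stranger.reveal('example.org');
  // The owner removes two entries and is prompted only once.
  const owner = new PasswordDialog(store, verifier, () => 'correct horse');
  owner.remove('example.org');
  owner.remove('example.net');
  return { removedByStranger, revealedToStranger,
           ownerPrompts: owner.prompts, left: store.size };
}
```

This gates only actions taken through the dialog; it does nothing against deleting the profile files themselves, which is the objection raised in the thread.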

Comment 6

6 years ago
(In reply to Matthias Versen (Matti) from comment #4)
You are right. My suggestion would just increase the pseudosecurity of the whole thing. But I would just feel safer if FF asked me for the password when doing such an important action. This is the difference between the real world and user experience.

Pseudo security is worse than no security because people may think that their passwords are protected.
To delete the whole profile just type about:support, click on "show folder", ctrl+a, del ...
Severity: minor → enhancement
Component: Security → Password Manager
Product: Firefox → Toolkit
QA Contact: untriaged → password.manager


4 years ago
Last Resolved: 4 years ago
Resolution: --- → WONTFIX


4 years ago
Duplicate of this bug: 1004378