Closed Bug 959349 Opened 11 years ago Closed 11 years ago

steal identity by copying the profile folder

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
26 Branch
Platform:
x86_64
Windows 8.1
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: harmoniemand, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 (Beta/Release) Build ID: 20131205075310 Steps to reproduce: I tried to copy the profile-folder from the appdata folder in windows to an other computer. This is without any problems scriptable. Actual results: i am able to use all the login-saves (like "keep me logged in" on facebook or google) on a different computer. reason is, that there is no check wheather the profile is mine, or at least it shapes to the installation of my firefox. Expected results: I would prefer a solution, which is checking wheather a profile and a firefox installation is matching each other. May be it would be a way to make every installation unique, for example with a generated key and the profile is only accepted if the key fits the profile. or the better but a bit slower, that the profile is encrypted with a installation-spezifik token and when firefox starts, the profile will be encrypted and used (maybe only partly)
This is considered a feature, not a bug. Setting a master password will protect some of the data, the saved passwords in particular.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
Its not about the passwords. they may be are save. but the most "keep me logged in" functions are realised by a cookie. Are them saved by the master-password too?
You need to log in before you can comment on or make changes to this bug.