cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

fairly serious security flaw with autofill

jack9999
Making moves

everything in one post:

the autofiller from firefox fills in the password "enter current password" in the android and desktop version when you want (or someone else wants to change respectively see) to change the password for firefox sync (in settings sync).

the password access per fingerprint makes no sense this way. It should not autofill the password for the access to all passwords to be autofilled from the firefox browser.

Also the masterpassword feature makes no sense this way (besides that you can just cancel or check the cross to use all the prefilled passwords of shopping and so one websites).

maybe only few people would always delete the firefox sync password in the pw manager from firefox again and again to prevent this security flaw.


I know that u can use "exceptions" but most people would not come to this idea. it could be risky. Most people would also not always "sign out" bc they probably have difficult passwords. Also someone else could delete all "exceptions" per "remove all websites" bc this section is not password protected and once the same person returns some days or weeks later everything will be autofilled. this could happen if someone lives with somebody or at the working place when the laptops are left and non surveilled.

0 REPLIES 0