This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Support
Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Encrypt Firefox Profiles with AES 256-bit key and file key

Yangu_Hury
Making moves
‎06-08-2022 08:40 AM
Status: New idea

 

I suggest to encrypt Firefox Profiles with AES 256-bit primary key and a file key. Login for important sites are available in profiles data. This data can be easily copied and used to access account without password or login because profile has the cookies and other login data of sites. With local access to the PC a person can boot a Linux and copy Firefox Profiles in Windows/Linux profiles and use it on other Firefox if you keep your account logged in these Firefox profiles.

Comment
6 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager
‎06-08-2022 08:42 AM
‎06-08-2022 08:42 AM

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

majkassab
New member
‎06-10-2022 06:20 AM
‎06-10-2022 06:20 AM

👍

Nich
Making moves
‎06-15-2022 09:56 AM
‎06-15-2022 09:56 AM

I Agree!

fabsidereal
New member
‎06-29-2022 08:33 AM
‎06-29-2022 08:33 AM

Definitely needs to happen at some point, but it would probably require a big rewrite of the code.

cryptostuff
Strollin' around
‎09-08-2022 05:31 AM
‎09-08-2022 05:31 AM

Absolutely yes. Encrypt the profile and, of course, protect Firefox profile from being opened (with Firefox). Please do!

Moleculo
New member
‎03-04-2023 02:16 AM
‎03-04-2023 02:16 AM

I vote for this suggestion because Firefox's lack of any kind of profile protection makes me think about choosing another browser. At the very least, Firefox should encrypt the cookie database, which currently can be simply copied by an attacker and substituted into another profile, after which the attacker gets access to all user authorizations. I think this is unacceptable and wonder why this is not given the attention it deserves. This extra layer of protection can save the user's data in case the system is compromised. Please implement profile protection and encryption.

Copyright © 2024 Khoros, LLC