Today we are operating by dosens of sites on each work session, including authorization, by the way there is no ability to defend such a sensitive data as authorization cookies. More precisely, there is one - to check a setting to delete all cookies on browser window close but if we use it we have to re-authorize on all our sites on every new work session. In addition, the use of this setting also has the following disadvantages:
1. All cookies aka authorization keys are being stored in simple sqlite db in user profile folder, which makes it possible to steal this sensitive data when an attacker has physical access to a computer, or via use of viruses.
2. If you did not close the firefox window properly, but instead, for example, simply disconnected the computer from electricity, on the next download you will have firefox window opened with all sites authorized, despite the setting for deleting cookies.
With all these problems, the ability to encrypt passwords using a primary key, which is available in the browser, looks like a mockery.
It is proposed to add to the browser the ability to encrypt cookies using the primary key as well, so if it was not entered when the browser was opened, and the browser was started without entering the primary key, the entire set of cookies from the previous session would be erased.
... View more