Mozilla Connect

Hi Firefox Team,

I am a security-focused user and IT student on Parrot OS. I am requesting a formal Application Lock feature for the Firefox desktop version to address a significant security gap.

THE PROBLEM: The existing Primary Password system only encrypts the saved logins database. If a user launches Firefox and clicks Cancel on the password prompt, the browser still opens. This allows unauthorized access to active session cookies, browsing history, bookmarks, and open tabs. On a shared or security-focused system, this is a major security gap.

PROPOSED FEATURES:

1. STARTUP AUTHENTICATION: A mandatory password prompt that appears immediately upon launch before any profile data is loaded.

2. FORCE QUIT ON CANCEL: If the authentication is canceled or fails, Firefox must terminate the process immediately to prevent UI access.

3. GUEST MODE FALLBACK: Provide an option to Enter as Guest which opens a fresh, temporary profile with no access to the main users data.

4. PROFILE ENCRYPTION: Ensure that session cookies and history files remain protected until the password is provided.

5. BIO METRIC SUPPORT: Allow the use of Linux bio metrics or Windows Hello to make this lock seamless.

WHY THIS MATTERS: A native browser lock provides Security in Depth. It ensures that even if an OS session is compromised, the users digital identity and active web sessions remain protected. Native implementation is necessary because extensions can be bypassed in Safe Mode.

Thank you for your dedication to making Firefox the most secure browser available.