Mozilla Connect

> Have a great day, and thank you for contributing to the Open Source software community!

You are welcome. Thank you for contributing.

> Is giving the impression that this feature is not tested internally really a good idea for establishing the feature is secure and for example there are again no backdoors present bypassing the security feature?

[multiple instances of the primary password request on Mac] Is just a known bug which hasn't been gotten to. There is no security exposure.

using 118.0b1, clicking Cancel 3 times makes the dialog go away but the program window opens giving full read and write access!

please advise, and thanks

I agree with the OP when Cancel option is selected for master password it should not open the application for anyone to view the mailbox. What is the point of master password when it lets you in to the application? I thought this is supposed to be security feature.

Agreed with OP, I have no idea who designed it this way. As it is now, master password is basically useless feature. Mozilla devs please correct this issue.

Yes, please correct the master password feature to function properly. It should not be possible to access already downloaded emails to inbox when you click on Cancel button in password prompt.

Agree. It would be nice to not be able to open “stay logged in” websites not just passwords or remembered sites will need a master password. The other cached pages can auto delete when closing the page. 

Thank you for the votes.  Moving the votes to https://connect.mozilla.org/t5/ideas/master-password/idi-p/25967 which describes the same idea.

https://connect.mozilla.org/t5/ideas/master-password/idi-p/25967 describes the same idea, so we are merging this idea into there, where you can vote.

I totally agree on the misleading part of having a password that does not block totall access to the program. Especially because this is the general idea behind it everywhere, a user should be at least warned that this is a different kind of password protection. Use of another word (admin-pwd or whatever) and the warning that cancelling will still show your emails, because that was my assumption too for years untill I accidentally canceled. Which made me feel stupid, to say the least, thinking all this time my emails were safe from unwanted eyes...

Some thoughts can be also found here, in one of the many bug reports raised describing the same issue in bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=1872542 

Moz has a problem in that Master PW and Passphrase are used in multiple contexts.

In FFox, the Passphrase is use to access SYNC storage.

In TBird, the phrase seems to be the concept of preventing read/write of the messages.

For TBird, one might implement a per message, or "all" button/status setting which would allow selective hide/encrypt... 

My primary point is:
FFox and TBird are using same words with conflicting meanings, and should be resolved, if both projects wish to take advantage of pre-existing code/ or improve the mutual code base.  Keeping siloed meanings will turn off people, and taint the Mozilla brand.

Thunderbird > Tools: Privacy&Safety > Master Password.
When we setup down with the master password and close the program.
Then click the program again which will show up the window to enter the
master password.
But if the password without enter or enter the worng.
The client still pop up the window with retry and the main program will
continue go on with the next steps.
The final of the status is that still can read the mail in the program.
The status should be that is the password with the wrong times and
should closed the program with the exit. If it is correct will continue
to the normal.

Thunderbird version is 128.5.2esr (64 位元)