In the saved passwords section about:logins using the search bar filters out passwords too, not only the websited of the logins. this makes is very easy to guess a passwort to a certain page without knowing the master password.
Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.
It may not be "very easy" to guess a sufficiently sophisticated password, but it is true that it is abnormal, unnecessary and potentially dangerous to be able to do such a search.As a matter of principle one should not have any information about a password that would make it easier to find by trial and error.
Seeing the length of the password (a frequent practice, not only in Firefox) is already questionable.
Besides, a precaution against indiscretion from someone sneakily viewing Firefox opened by a user who has momentarily stepped away would be to ask for the main password again when opening about:login, rather than when looking at a site password.
I currently use the search password feature to check for duplicate passwords. Removing this feature would break this use case, though in the future, once Firefox has password alerts for duplicated passwords implemented, this does not matter anymore
It is a manual step, but if you think someone is going to have physical access to your Firefox, you can "re-lock" your saved logins using this method:
If you reload the page, it will now require your Primary password before displaying it.