Firefox stores passwords in its own "password manager" (basically an encrypted file). All remembered passwords can be shown in plain text by simply clicking a button in the options – unless a Master Password is defined.
So by default, Firefox allows anyone with access to your computer to view all your stored passwords. How this can be considered "secure enough" is beyond me.
I've worked with quite a few people (regular end users) that use Firefox. None of them knew that their stored passwords are accessible this easily. None of them used a master password.
Why doesn't Firefox use the macOS keychain?
If not that, why doesn't Firefox at least prompt for the login password of the current user before showing all stored passwords?
If not that, why doesn't Firefox at least show a giant red banner, informing the user that their passwords are at risk unless they set a master password?
Mozilla doesn't seem to view the current behavior as problematic, as this 18 year old ticket has been closed as WONTFIX a few months ago...
So by default, Firefox allows anyone with access to your computer to view all your stored passwords. How this can be considered "secure enough" is beyond me.
I've worked with quite a few people (regular end users) that use Firefox. None of them knew that their stored passwords are accessible this easily. None of them used a master password.
Why doesn't Firefox use the macOS keychain? If not that, why doesn't Firefox at least prompt for the login password of the current user before showing all stored passwords? If not that, why doesn't Firefox at least show a giant red banner, informing the user that their passwords are at risk unless they set a master password?
Mozilla doesn't seem to view the current behavior as problematic, as this 18 year old ticket has been closed as WONTFIX a few months ago...