A slight error. That should read access to your computer user account. If you want added protection, you can use the Master Password option.

https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins Use a Master Password to protect stored logins and passwords

Separate Security Issue: Update your Flash Player or remove it using these links; http://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html Uninstall Flash Player | Windows http://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html Uninstall Flash Player | Mac

Note: Windows users should download the ActiveX for Internet Explorer. and the plugin for Plugin-based browsers (like Firefox).

Note: Windows 8 and Windows 10 have built-in flash players and Adobe will cause a conflict. Install the plugin only. Not the ActiveX.

Flash Player Version: Version 29.0.0.113

https://get.adobe.com/flashplayer/ Direct link scans current system and browser Note: Other software is offered in the download. <Windows Only>

https://get.adobe.com/flashplayer/otherversions/ Step 1: Select Operating System Step 2: Select A Version (Firefox, Win IE . . . .) Note: Other software is offered in the download. <Windows Only> +++++++++++++++++++ See if there are updates for your graphics drivers https://support.mozilla.org/en-US/kb/upgrade-graphics-drivers-use-hardware-acceleration

FredMcD said

A slight error. That should read access to your computer user account. If you want added protection, you can use the Master Password option. https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins Use a Master Password to protect stored logins and passwords

I know about the Master Password. I want to know what's the point of encryption, and what does it protect me from? Basically I want to understand what is the default protection of saved logins in Firefox....

Someone with personal access to your user accont can do much more worse things than only read your passwords.

TyDraniu said

Someone with personal access to your user accont can do much more worse things than only read your passwords.

Wow!

Only the question is absolutely different.. If you don't like the wording, go ahead and edit the article.

I did submit an edit.

Assuming that key4.db and logins.json files got accessed by a wrong person (no matter how: via physical access to a logged in computer, via malware, or from a flash drive with a backup copy of Firefox profile folder), will they be able to read the contents of the files? If yes, what's the point of encryption then? And finally, again, if yes, why isn't Master Password used by default?

(I tried to copy these files to a different Firefox profile of the same user, and also of a different user, and both times I was able to read them from Firefox.

The passwords stored in logins.json are encrypted, but the encryption key is stored in key4.db (previously in key3.db) and without a master password you merely need to place the two files is Firefox profile folder to see the passwords in the Password Manager.

The usernames and passwords are encrypted with triple-DES stored in the key file, but the MP adds an extra layer.

• https://dxr.mozilla.org/mozilla-release/source/security/nss/doc/html/pk12util.html

Thank you very much for a detailed explanation