Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox and hibernation plain text vulnerability

  • 3 replies
  • 0 have this problem
  • 23 views
  • Last reply by cor-el

more options

Hi, I use windows hibernate a lot. One vulnerability of hibernate is that the contents of RAM get written to the hard drive in unencrypted form in a file called hiberfil.sys. This means that any encryption keys in RAM used to access encypted files will be written to hiberfil.sys and can be extracted if a malicious party has physical access to the drive.

Thus, the question:

Does Firefox store encryption keys, passwords, or log in details in RAM at any time while in use?

Thanks.

Hi, I use windows hibernate a lot. One vulnerability of hibernate is that the contents of RAM get written to the hard drive in unencrypted form in a file called hiberfil.sys. This means that any encryption keys in RAM used to access encypted files will be written to hiberfil.sys and can be extracted if a malicious party has physical access to the drive. Thus, the question: Does Firefox store encryption keys, passwords, or log in details in RAM at any time while in use? Thanks.

All Replies (3)

more options

I *assume* that a key or hash generated from my Primary Password is stored in memory so that Firefox can fill my saved logins on forms without prompting me for that password every single time. (Info on that password: Use a Primary Password to protect stored logins and passwords.)

You could investigate how add-on password managers work and see whether any of those would be more secure.

Helpful?

more options

jscher2000 - Support Volunteer said

I *assume* that a key or hash generated from my Primary Password is stored in memory so that Firefox can fill my saved logins on forms without prompting me for that password every single time.

Good point but it could also be that Firefox generates an authorization token of some kind instead of exposing the key in RAM.

Helpful?

more options

When you fill the Primary Password then you login to the Software Security Device and this is a stand-alone NSS device that is accessed via a secure local connection, but the passwords can be visible on the about:logins page. You can/should logout (cancel a PP prompt or logout via Security Devices) to ensure that the logins are locked again and can't be accessed if the device is left unattended.

  • Settings -> Privacy & Security -> Certificates -> Security Devices

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.