Major password vault security flaw

I found a potential flaw that can allow someone to gather all passwords saved by a user. It's pretty simple to explain, but also to exploit, so I don't want to do it publ… (read more)

I found a potential flaw that can allow someone to gather all passwords saved by a user. It's pretty simple to explain, but also to exploit, so I don't want to do it publicly. Is there some specific team member that I should contact directly?

Asked by mr.killjoy Prieš 2 valandas

This address is restricted

Hello, can someone please tell me how I can access https://localhost:6000/ in Firefox as I need to access this address for the OctoPrint software so I can configure it. … (read more)

Hello, can someone please tell me how I can access https://localhost:6000/ in Firefox as I need to access this address for the OctoPrint software so I can configure it.

All the articles I have read about going into the about:config and adding the port number do not work for me.

So can someone please help me with this and point me in the direction of a working article I can use?

I am using version 130.0 (64bit) of Firefox.

Any help much appreciated and thanks.

Asked by CybaGirl Prieš 23 valandas

Last reply by CybaGirl Prieš 23 valandas

How do I store bank cookies?

I want to figure out how to log into to my bank without triggering 2FA every single time. At the moment, if I log in and tick the "stay logged in" box, complete the 2FA… (read more)

I want to figure out how to log into to my bank without triggering 2FA every single time.

At the moment, if I log in and tick the "stay logged in" box, complete the 2FA, tick the "remember this device" box, I still have to log in two hours later, and go through the whole rigamarole again.

I assume this is some cookie setting of my own doing, but I don't know what I did.

I have Firefox using the "Standard' setting to balance protection and performance at <about:preferences#privacy>

Here's what I've tried:

  • I added the URL to "exceptions for enhanced tracking protection"
  • I added a specific exception to "cookies and site data" to specify that the site can "Always" allow cookies.

Just now, I removed all of my existing cookies for the site, in case I set some cookie previously that is telling it to never track anything. But if that doesn't work, is there anything I can do to ensure that the bank will actually remember that I did successfully complete 2FA in this browser already today?

Asked by amanda Prieš 1 dieną

HIPAA Violation - Unwanted saving of addresses

Using Firefox for windows. Have browser set to never save patient's addresses. After clearing cache/cookies on 9/4/24, Firefox is now asking to save addresses. The box t… (read more)

Using Firefox for windows. Have browser set to never save patient's addresses. After clearing cache/cookies on 9/4/24, Firefox is now asking to save addresses. The box to do so remains unchecked. Cleared saved data again, restarted computer and Firefox. Still asks. Do not want to save addresses for every patient payment entered. It is a HIPAA violation waiting to happen. Not to mention, the constant pop-up asking to save is a distraction from accurate patient care & data entry.

Asked by greglillis Prieš 1 dieną

When does Firefox update disconnect.me block lists?

Hi. Does anyone know at what regularity the disconnect.me integration as part of the enhanced protection mode is updated please? The company I work for had an update to… (read more)

Hi.

Does anyone know at what regularity the disconnect.me integration as part of the enhanced protection mode is updated please?

The company I work for had an update to the URLs on the disconnect.me side on the 21/08 and this takes affect browser side after it’s been updated by the browser code. But we can see that all URLs are still blocked, rather than some specific ones, with the enhanced protection mode so it isn’t reflecting the updated code disconnect.me have available

Thanks

Asked by Jake.Taylor Prieš 1 dieną

Web Privacy Security Crawl Using Selenium Blocking Enhanced Tracking Protection

Hi, I am working on a web crawler that scrapes set of websites analyzing certain privacy strings that are present before and after Global Privacy Signals are sent. We ma… (read more)

Hi,

I am working on a web crawler that scrapes set of websites analyzing certain privacy strings that are present before and after Global Privacy Signals are sent. We make use of Selenium Web Driver to perform the crawl. Part of the data we collect is the urlClassification of third party sites that are tracking users on the site, via Firefox's Enhanced Tracking Protection. However when performing the crawl, Enhanced Tracking Protection data is no longer available while Selenium has automatic control over Firefox, even though there is indeed third party sites (fingerprinters, cross-site tracking cookies) active on these sites when they are manually visited not using our crawler. Does anyone have an idea why our software may be interfering with Firefox's Enhanced Tracking Protection? Thanks!

Asked by msmay1 Prieš 2 dienas

Last reply by msmay1 Prieš 2 dienas

Android Firefox Config entries and settings.

Is there a about:config entry for controlling the different types of data collected in the background? I'm asking because I have them switched off yet the app is still tr… (read more)

Is there a about:config entry for controlling the different types of data collected in the background? I'm asking because I have them switched off yet the app is still trying transmit.

Asked by opuscontinuum Prieš 2 dienas

Does Firefox Android encrypt passwords at rest?

Firefox Android requires my device password in order to view saved passwords, which suggests that passwords are encrypted at rest. However, it can also autofill passwords… (read more)

Firefox Android requires my device password in order to view saved passwords, which suggests that passwords are encrypted at rest. However, it can also autofill passwords in webpages without requiring a device password to be entered. This suggests that passwords are unencrypted, at least while the phone is unlocked? (Unsure if device lock state matters.)

I'm wondering, at an app-data level, when are passwords encrypted vs unencrypted?

(Normally Android apps' data are hidden from other processes in secure containers, but certain privileged processes (e.g. especially on a rooted device) can still access this app data. So, I'm wondering if decrypted password data is ever stored in the app's data folder, or does decryption happen exclusively in-memory, or am I misunderstanding it and there's a secret third explanation?)

Asked by fiffox Prieš 4 dienas

Thunderbird Calendar

I am using TB Beta 130.0b3 64 bit on Windows10 An entry has appeared in my Calendar and I have No idea where it came from It is however dated Friday 13th September … (read more)

I am using TB Beta 130.0b3 64 bit on Windows10

An entry has appeared in my Calendar and I have No idea where it came from It is however dated Friday 13th September ?! "France & Spain Trip 2024 Deposit"

Can anybody explain this ?!

Regards Eric

Asked by firefox2902 Prieš 4 dienas

Protect my Al app and protect my Al website

Protect my Al app and protect my Al website. Don't shearing my information and other drivers tracking my drivers please block the Other drivers block the Other website Ap… (read more)

Protect my Al app and protect my Al website. Don't shearing my information and other drivers tracking my drivers please block the Other drivers block the Other website Apple ID please help me

Asked by rjmehedi31 Prieš 4 dienas

Firefox EXPOSED/LEAKED MY EMAIL again today!

So, it happened again today. Saw their commercial on TV today and went to legacybox.com (NEVER BEEN THERE BEFORE; they transfer VHS tapes, and other stuff, to digital) an… (read more)

So, it happened again today. Saw their commercial on TV today and went to legacybox.com (NEVER BEEN THERE BEFORE; they transfer VHS tapes, and other stuff, to digital) and got an email from them after closing the browser tab and leaving their website. While I didn't open the email, their email Subject/title was "Thanks for stopping by...".

All I did was look around their website for a few minutes AND DID NOT GIVE THEM MY EMAIL ADDRESS!

This is EXTREMELY DISTURBING!

PLEASE, If anyone here has the Video DownloadHelper extension installed in Firefox AND their Companion App (it costs ~$28, I think.. so don't bother if you don't have it). And make sure you've updated to a recent version, WHERE THEY HAVE YOUR EMAIL/Licens# IN THE SETTINGS (L click on the VDH icon, click on the gear icon, and at the bottom of the menu, click on "More settings....". If your email is there, PLEASE GO TO Legacybox.com AND SEE IF THIS SITE SENDS YOU AN EMAIL as this may help to confirm if Firefox is leaking emails thru that app. Thanks!

Asked by BumbleBee Prieš 6 dienas

Last reply by BumbleBee Prieš 4 dienas

Password Security

Are my passwords secure if I just use FireFox right out of the box (just downloaded) without logging into my FireFox/Mozilla account? Firewall is on. Or must I be logge… (read more)

Are my passwords secure if I just use FireFox right out of the box (just downloaded) without logging into my FireFox/Mozilla account? Firewall is on.

Or must I be logged in for best security?

I use a 2024 MacBook Air M3. FF version 129.0.2 macOS Sonoma 14.6.1


Thanks, Tom

Asked by tomface41-ff2020 Prieš 5 dienas

How to revoke clipboard access for a website

I want to know how to revoke clipboard access for a website. I noticed firefox by default gives permission to copy to clipboard without giving the user option to allow or… (read more)

I want to know how to revoke clipboard access for a website. I noticed firefox by default gives permission to copy to clipboard without giving the user option to allow or block. Also no clue on how to disable the access. How can this be fixed? As there is no clipboard option under Site permissions.

Asked by Obinna Onyekwe Prieš 5 dienas