Security flaw: Settings accessible after canceling OS authentication prompt
When accessing about:logins, Firefox prompts for system authentication (Primary password or master password). However, if the user cancels the prompt twice, the password manager still opens and displays all saved logins without authentication.
This behavior bypasses the intended security check and could pose a risk, especially in shared or public machines
When accessing about:logins, Firefox prompts for system authentication (Primary password or master password). However, if the user cancels the prompt twice, the password manager still opens and displays all saved logins without authentication.
This behavior bypasses the intended security check and could pose a risk, especially in shared or public machines
所有回覆 (1)
Hi
Thank you for flagging this up. I am looking into this with Mozilla staff and hope to respond soon with an update.