Windows 10 reached EOS (end of support) on October 14, 2025. If you are on Windows 10, see this article.

Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

Security flaw: Settings accessible after canceling OS authentication prompt

  • 1 baphendule
  • 0 zinale nkinga
  • 205 views
  • Igcine ukuphendulwa ngu Paul

Fouad Hany
Fouad Hany

When accessing about:logins, Firefox prompts for system authentication (Primary password or master password). However, if the user cancels the prompt twice, the password manager still opens and displays all saved logins without authentication.

This behavior bypasses the intended security check and could pose a risk, especially in shared or public machines

When accessing about:logins, Firefox prompts for system authentication (Primary password or master password). However, if the user cancels the prompt twice, the password manager still opens and displays all saved logins without authentication. This behavior bypasses the intended security check and could pose a risk, especially in shared or public machines

All Replies (1)

Paul
Paul
  • Moderator
  • Top 10 Contributor

Hi

Thank you for flagging this up. I am looking into this with Mozilla staff and hope to respond soon with an update.