MozillaZine

Android global password security issue

Talk about Mozilla browsers for small devices such as PDAs and cellphones.
jech
 
Posts: 2
Joined: March 10th, 2016, 6:27 am

Post Posted March 10th, 2016, 6:40 am

Hello,

I think I found a security problem in Firefox on Android. I have my bank account login stored in Firefox, which is OK on desktop since I have to confirm it with an SMS code. But of course if someone would steal my phone, he could get the bank account login and would also get the SMS. So this is a potentially very dangerous situation.

I decided to use global password for Firefox on my phone. But I found a very simple way to get around it. If you go to application maintenance and delete Firefox data, it will delete the global password protection. But the rest of data (logins, history etc.) will get synchronized again without the need to log into Firefox Sync again.

I believe it is caused by the Firefox account present in my phone.

Can anyone else confirm this? That would make the global password protection quite useless.

LIMPET235
Moderator

User avatar
 
Posts: 37473
Joined: October 19th, 2007, 1:53 am
Location: The South Coast of N.S.W. Oz.

Post Posted March 10th, 2016, 6:44 am

Moving to Mobile...
Ancient Amateur Astronomer
Win-7-HP/IntelĀ® DualCore-2.0GHz/500G HDD/4 Gig Ram/550Watt PSU/350WattUPS/Firefox-20.0-50.0-56.0.1/T-bird-2.0.0.24/SnagIt-v10.0.1/MWP-7.11.0.
RadioYachting. Conficker Test. (Always choose the "Custom" Install.)

jech
 
Posts: 2
Joined: March 10th, 2016, 6:27 am

Post Posted March 17th, 2016, 3:38 am

Nobody cares about this? I think it is a very serious security hole which makes global password useless. If somebody would steal my phone, with this very simple trick he can get all my stored logins and passwords. Because Firefox has no options to exclude some logins from sync, they would even get my bank account login and with my phone in hands they would be able to steal all my money, because confirming SMS messages would get there too.

Don't you think it is a very serious issue? I just confirmed I can reproduce it any time.

Bockworscht

User avatar
 
Posts: 159
Joined: May 19th, 2008, 1:57 pm

Post Posted March 18th, 2016, 11:14 am

No use in telling this here, create a bug on bugzilla.

kbrosnan
 
Posts: 495
Joined: October 23rd, 2003, 8:32 pm

Post Posted April 26th, 2016, 4:55 pm


Return to Mobile


Who is online

Users browsing this forum: No registered users and 2 guests