Android global password security issue

Talk about Mozilla browsers for small devices such as PDAs and cellphones.
Post Reply
jech
Posts: 2
Joined: March 10th, 2016, 6:27 am

Android global password security issue

Post by jech »

Hello,

I think I found a security problem in Firefox on Android. I have my bank account login stored in Firefox, which is OK on desktop since I have to confirm it with an SMS code. But of course if someone would steal my phone, he could get the bank account login and would also get the SMS. So this is a potentially very dangerous situation.

I decided to use global password for Firefox on my phone. But I found a very simple way to get around it. If you go to application maintenance and delete Firefox data, it will delete the global password protection. But the rest of data (logins, history etc.) will get synchronized again without the need to log into Firefox Sync again.

I believe it is caused by the Firefox account present in my phone.

Can anyone else confirm this? That would make the global password protection quite useless.
User avatar
LIMPET235
Moderator
Posts: 39920
Joined: October 19th, 2007, 1:53 am
Location: The South Coast of N.S.W. Oz.

Re: Android global password security issue

Post by LIMPET235 »

Moving to Mobile...
[Ancient Amateur Astronomer.]
Win-10-H/64 bit/500G SSD/16 Gig Ram/450Watt PSU/350WattUPS/Firefox-115.0.2/T-bird-115.3.2./SnagIt-v10.0.1/MWP-7.12.125.

(Always choose the "Custom" Install.)
jech
Posts: 2
Joined: March 10th, 2016, 6:27 am

Re: Android global password security issue

Post by jech »

Nobody cares about this? I think it is a very serious security hole which makes global password useless. If somebody would steal my phone, with this very simple trick he can get all my stored logins and passwords. Because Firefox has no options to exclude some logins from sync, they would even get my bank account login and with my phone in hands they would be able to steal all my money, because confirming SMS messages would get there too.

Don't you think it is a very serious issue? I just confirmed I can reproduce it any time.
User avatar
Bockworscht
Posts: 159
Joined: May 19th, 2008, 1:57 pm
Contact:

Re: Android global password security issue

Post by Bockworscht »

No use in telling this here, create a bug on bugzilla.
kbrosnan
Posts: 520
Joined: October 23rd, 2003, 8:32 pm

Re: Android global password security issue

Post by kbrosnan »

Post Reply