Firefox 3 – huge security hole!?


I just downloaded the new Firefox 3 and after using it for five minutes my first impression is that it’s super fast.

But during these five minutes I already found what to me seems like a huge security flaw:

Click on the site icon in the address bar + click More Information button + click Show Passwords button. This will show any passwords you have saved for a site in clear text!

This means, for example, that if I borrow a friend’s computer I will be able to see his or her stored usernames and passwords in clear text.

How many normal users will know about this security hole when they select to have Firefox remember their username and password? Not many.

I have not played around with Firefox 3 long enough to see if there is a way to turn this feature off, but by default it is obviously on.

This does not seem thought through at all…

PS: I have no idea how passwords are stored in the file system in FF2 or FF3, but I always supposed that they were somehow encrypted. But maybe it has always been in clear text?

[Update:

I have now been told and checked that it also worked like this in FF2, only that you had to go to Tools + Options + Security to see them. To prevent others from seeing your passwords you should set a Master Password from Tools + Options + Security.

I have not yet examined the file system but from what I have read passwords are encrypted and stored in two files: key3.db and signons.txt.

From a quick look in Internet Explorer 7 I cannot find my stored passwords anywhere so it seems this is handled more securely there. But maybe it’s there only I cannot find it? I ran Firefox 2 for a long time without noticing my passwords were available for anyone using my computer to see…

In my opinion this is still a huge security hole and I cannot understand why Firefox works this way. The least I would expect would be a clear warning every time you are asked to store a password (without having your Master Password set).]

IE7 performance problems


I have been having some serious performance problems with my Windows XP laptop for the last 6+ months. This machine is a few years old, with 1GB RAM and a Celeron processor.
I did a lot of upgrading around that same time – Office 2007 incl. Groove 2007 and the new Desktop Search, and also upgraded to Internet Explorer 7 (IE7). Ever since, I’ve been trying to figure out which upgrade is draining my performance (or if it was just time for the annual Windows format and reinstall…)
They are all great upgrades feature-wise, but I wish Microsoft would focus a bit more on performance and not only features.

A few weeks back I switched from IE7 to Firefox 2 as my default browser and almost all of my performance problems are gone!

On my Vista machine I have had a problem with IE7 where IE7 crashes when a popup window opens. I haven’t researched this enough but I get a feeling that this occurs when using JavaScript to open a new window.
I changed from IE7 to Firefox 2 on my Vista machine too and the problem is gone. No big change in performance on this machine though.

One thing I like about Firefox is the crash recovery feature – if Windows crashes (Firefox itself has not yet crashed on me) or your laptop runs out of batteries etc, when you restart Firefox it asks you if you want to restore all tabs the way they were before the crash. Excellent feature!!

One thing I dislike – or at least have not yet learned to like – is the way Firefox handles drop-down menus. In IE I am used to just typing the first few letters of whatever I want to navigate to in the drop-down. Then I can use the keyboard’s up and down arrows to navigate to the previous or next entry in the list. This keyboard navigation does not work in Firefox; I have to use the mouse to scroll up and down in the list. Also it’s not enough to select an entry in the list to trigger changes to the page (JavaScript onBlur not triggered?) but I have to either hit the Enter key or navigate to another field.
Also Firefox does not seem to be able to open PDF files/Acrobat Reader in a browser window, which is a bit annoying.

Anyway so far there are more positive things than negative with Firefox and I’m happy I finally made the move from IE.