ძიება მხარდაჭერაში

ნუ გაებმებით თაღლითების მახეში მხარდაჭერის საიტზე. აქ არასდროს მოგთხოვენ სატელეფონო ნომერზე დარეკვას, შეტყობინების გამოგზავნას ან პირადი მონაცემების გაზიარებას. გთხოვთ, გვაცნობოთ რამე საეჭვოს შემჩნევისას „დარღვევაზე მოხსენების“ მეშვეობით.

ვრცლად

The master password dialog is not well labeled. Any chance it could be spoofed using JS and someone could then access all passwords?

  • 4 პასუხი
  • 4 მომხმარებელი წააწყდა მსგავს სიძნელეს
  • 1 ნახვა
  • ბოლოს გამოეხმაურა cor-el

IMO, the master password request dialog is not well labeled, and its identity (and authenticity) seem a little in doubt each time it appears. It is possible someone could be spoof it using JS and I could unwittingly hand my "skeleton key" over to a thief? Please tell me I am just being paranoid!

IMO, the master password request dialog is not well labeled, and its identity (and authenticity) seem a little in doubt each time it appears. It is possible someone could be spoof it using JS and I could unwittingly hand my "skeleton key" over to a thief? Please tell me I am just being paranoid!

გადაწყვეტა შერჩეულია

I don't think a script in an ordinary web page has permission to read your passwords for other websites, even if you do not use a master password. It should be restricted to seeing what the password manager populates into the page.

For that reason, even if a page captured your master password, I don't think it could use it in a nefarious way. But perhaps I'm insufficiently devious.

პასუხის ნახვა სრულად 👍 1

ყველა პასუხი (4)

შერჩეული გადაწყვეტა

I don't think a script in an ordinary web page has permission to read your passwords for other websites, even if you do not use a master password. It should be restricted to seeing what the password manager populates into the page.

For that reason, even if a page captured your master password, I don't think it could use it in a nefarious way. But perhaps I'm insufficiently devious.

That's good to hear. Thanks. Nevertheless, although admittedly less important, I think the master password dialog should be less cryptic. Currently it says "Password Required" in the title, and "Please enter the master password for the Software Security Device" in the dialog itself. Perhaps "Firefox requires your master password to enable Sync"?

Thanks for your help and consideration.

That might be clearer! You can submit suggestions for features changes using

Help > Submit Feedback

(Things tend to get buried here...)

You can also consider to set the signon.autofillForms to false on the about:config page to prevent Firefox from entering a name and password automatically.