Why can't any code that want's to steal your passwords in firefox's DB just use ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tokyodude on Nov 5, 2018 \| parent \| context \| favorite \| on: Stealing Chrome cookies without a password Why can't any code that want's to steal your passwords in firefox's DB just use firefox's open source code to decrypt? Firefox requires no password to start up and access your passwords so why couldn't any other code just follow the same process?

gcb0 on Nov 6, 2018 [–]

True. They suggest you use a master password, which solves this problem. But if you ignore that it will generate one for you which will only make it a little bit more annoying for anyone trying to steal directly from the offline file.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact