[Communitivity]

This is not a new phenomenon, though the ease of the exploit might be new. I remember a while ago you could go in SQLite and look at the file Firefox stored all the saved passwords in, for any user. That exploit was fixed, and this one likely will be as well. I agree with other commenters, the most disturbing thing about this is the blase attitude of the response.

[hlieberman]

Mmm. You still can, if there's no master password enabled. But that's a distinct issue from this. Here, you're going from a state that should be entirely safe ("signed out"), to retrieving all of the secrets that are held.

Because Firefox doesn't have sign-in and sign-out like Chrome does, the principle of least surprise kicks in.