|
|
|
|
|
|
by zeveb
2236 days ago
|
|
|
> Is it considered safe enough? No: Mozilla have access to your passwords if you use the Sync feature. They encrypt your passwords with a key encrypted by a key generated from your Firefox Account password, and you enter that password on a web page they serve from servers they control. At any point they can start or stop serving malicious JavaScript to one, many or all users logging in, and steal your master password, then use that to decrypt your stored passwords. Yes, they could also target users in Firefox itself, but that would leave traces in the Firefox binaries, and users should not automatically install Firefox updates the way they 'install' JavaScript on every page load. If you do not use the Sync feature I believe that the password manager is okay enough. |
|
|