Y
Hacker News
new
|
ask
|
show
|
jobs
by
dpacmittal
31 days ago
For the same reasons, I imported all my passwords to Firefox and I'm satisfied with it. I have the option to self host if I don't trust Mozilla
1 comments
_karie_
31 days ago
Any malware or LLM with user-level filesystem access can attack the outdated KDF [1] and/or wait for Firefox to be running with an unlocked credential store and read the decrypted passwords from Firefox's process memory.
[1]
https://bugzilla.mozilla.org/show_bug.cgi?id=973759
link
jcattle
31 days ago
Isn't it game over anyway once you have an adversary on your system capable of reading process memory?
link
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=973759