This is something I was surprised to see when trying to get some passwords out of Firefox a while ago and I'm curious what others think about it.
Other browsers such as Chrome store an encryption key in the system keychain so it cannot be stolen at rest, but Firefox stores it in a plain text file next to the encrypted database, which seemingly defeats the purpose of having an encrypted database.
I posted about this a few years ago, but there was barely any response.
In my opinion, this insecurity by default is reason enough not to recommend Firefox.