The madest thing for me is that now other browsers integrate with platform
keyring. Why not Firefox ?
- Since other browsers have it, political arguments are weak
- Since Quantum overhaul, technical one are weak too. Mozilla had an
opportunity to deal with is issue that is a *major* usability
I am restricting this bug to users with the editbugs permissions. We
understand that some people are unhappy about this missing feature but
the "metoo" comments are not helping.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in
Please integrate this feature into Firefox, so that the old legacy GNOME
add-ons for this task are obsolete. It would be nice to fix this before
FF 57, when only WebExtensions are supported.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed
12 years on, we're back to square zero with firefox 57, as the available
extensions became incompatible. So depressing.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/41179
Title:
At this point I wouldn't take a patch to implement this as it would be a
significant cost with per-platform support. Extension APIs (which I know
aren't yet available) would be the solution for implementing this if
there is enough demand.
--
You received this bug notification because you are a
I totally agree. Just imagine that Firefox still saves all your passwords
unencrypted to your disc in it's default configuration. Who else does that in
our times?
The refusal to deal with this major security flaw is absolutely unacceptable!
And I think it's a sign of poor leadership. They
The move to WebExtensions (with the currently exposed and planned API)
would make the all the addons providing gnome/KDE/libsecret keyring
support impossible.
Are there plans to provide those APIs?
If not could we take another look at implementing the support directly
into firefox?
--
You
Comment on attachment 713868
Store Master Password by using libsecret to Gnome Keyring patch v2
Clearing ancient review flag on a patch I assume doesn't apply anymore.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
It seems that Frederic Crozat is working on it ?
see https://hackweek.suse.com/12/projects/746 &
https://github.com/swick/moz-gnome-keyring-integration/issues/2#issuecomment-107093071
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to
(In reply to Jan Horak from comment #130)
> [:gsvelto] are you willing to participate on the reviews?
I'd love to help but I'm not a peer of this part of our codebase so I
can't review patches for it. Reading Brian Smith's and Justin Dolske's
comments I think that we'd like to address bug 973759
Hey who will bake a ten year anniversary cake for this bug report? I'm
no longer gonna wait and decided to move on. typing my master password
ten times a day pisses me of enough to search for a solution and seeing
no progress made on a fundamental shortcoming gives me enough motivation
to search
Can someone summarize conclusion from Mozilla's site? I can work on it
but not until there's a clear what is required.
[:gsvelto] are you willing to participate on the reviews?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in
I already try to use those extensions, especially KDE Wallet password
integration but it works bad: it broke password sync feature and produce
browser crashes, and author don't know how to fix this. So native support for
password managers will be much better.
At now I remove master password and
Here are extensions that implement this functionality so you don't need to wait
for it to be built-in:
* https://addons.mozilla.org/en-US/firefox/addon/gnome-keyring-integration-1/
* https://addons.mozilla.org/en-US/firefox/addon/gnome-keyring-integration/
*
** Bug watch added: github.com/swick/moz-gnome-keyring-integration/issues #2
https://github.com/swick/moz-gnome-keyring-integration/issues/2
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
** Bug watch removed: Mozilla Bugzilla #536140
https://bugzilla.mozilla.org/show_bug.cgi?id=536140
** Bug watch removed: Mozilla Bugzilla #106400
https://bugzilla.mozilla.org/show_bug.cgi?id=106400
--
You received this bug notification because you are a member of Desktop
Packages, which
** Changed in: firefox
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/41179
Title:
Integrate with Gnome Keyring
Status in Mozilla Firefox:
(In reply to Mike Hommey [:glandium] (out from Sep 6 to Sep 22) from comment
#115)
(In reply to Alexander Korsunsky from comment #114)
This HAS been implemented as an addon:
https://github.com/infinity0/mozilla-gnome-keyring
The problem is that it has to be a binary add-on (...)
This
Note that https://bugzilla.mozilla.org/show_bug.cgi?id=106400 is the
counterpart for Mac OS X. It has a little under twice the votes and
twice the age of this bug. Any work on one of these bugs would likely
benefit the other. Maybe there should be an OS-neutral metabug for the
two?
--
You
** Bug watch added: Mozilla Bugzilla #106400
https://bugzilla.mozilla.org/show_bug.cgi?id=106400
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/41179
Title:
Integrate with Gnome
In response to claims of Chrome's superior password management, I just
lived through a use case where keeping the browser's passwords decoupled
from the system is much easier to work with.
Short version: Changing Linux distros broke Chromium's access to my
saved passwords. Please don't introduce
(In reply to Eric Toombs from comment #122)
You should give https://developer.mozilla.org/en-US/docs/Mozilla/js-
ctypes a read - JS used in Firefox add-ons is privileged and can use JS-
ctypes to interact with system libraries.
--
You received this bug notification because you are a member of
(In reply to Mike Hommey [:glandium] from comment #115)
(In reply to Alexander Korsunsky from comment #114)
This HAS been implemented as an addon:
https://github.com/infinity0/mozilla-gnome-keyring
The problem is that it has to be a binary add-on (...)
This isn't true. jsctypes can be
** Changed in: firefox (Ubuntu)
Status: Won't Fix = Triaged
** Changed in: firefox (Ubuntu)
Assignee: Mozilla Bugs (mozilla-bugs) = (unassigned)
** No longer affects: xulrunner-1.9.1 (Ubuntu)
** No longer affects: xulrunner-1.9 (Ubuntu)
--
You received this bug notification
Is there any update/ongoing work on this?
There are several attacks out in the wild that allow extracting
passwords from the firefox store. As it has been said before, non-
technical users will not use the master password (I don't use it either
because it bugs me with yet another password
(In reply to Justin Dolske [:Dolske] from comment #117)
Investing time is always a tradeoff. I have a long list of projects to
dramatically improve Firefox for users, and unfortunately the feature this
bug about ranks poorly against that list. The number of users using a master
password and
(In reply to Justin Dolske [:Dolske] from comment #117)
Investing time is always a tradeoff. I have a long list of projects to
dramatically improve Firefox for users, and unfortunately the feature this
bug about ranks poorly against that list. The number of users using a master
password and
(In reply to Justin Dolske [:Dolske] from comment #113)
So, I don't think we should invest time into supporting this, and it would
be better implemented as an add-on for those who want it. Sorry. :/
This HAS been implemented as an addon: https://github.com/infinity0
/mozilla-gnome-keyring
The
So, I don't think we should invest time into supporting this, and it would
be better implemented as an add-on for those who want it. Sorry. :/
I would have thought you should invest time on what matters to users.
This feature has a fair amount of votes and the absence of this feature
is one of
I don't know much about the internal workings of the Firefox Project,
but I'm willing to bet that those people using Linux AND using a master
password AND Firefox are of a demographic that would be resistant to
sending anonymous usage data.
--
You received this bug notification because you are a
Investing time is always a tradeoff. I have a long list of projects to
dramatically improve Firefox for users, and unfortunately the feature
this bug about ranks poorly against that list. The number of users using
a master password and linux is relatively tiny, and there are number
hurdles to even
(In reply to Alexander Korsunsky from comment #114)
This HAS been implemented as an addon:
https://github.com/infinity0/mozilla-gnome-keyring
The problem is that it has to be a binary add-on (...)
This isn't true. jsctypes can be used to call whatever APIs the binary
addon uses.
--
You
(In reply to Gabriele Svelto [:gsvelto] from comment #110)
I've looked at the password manager log and it seems to me that Justin
Dolske comes up often both as a contributor and a reviewer so I'm
needinfo'ing him here as he's both a Firefox and Toolkit peer in the hope
he's the right person
Regarding the UI: If you go with the master password option (for now if
not permanently), I would suggest adding two features to the Master
Password dialogue: a checkbox to store the password in the user’s
key{ring|chain}, and a button to generate a random password. The button
would lead to an
(In reply to David Webb from comment #111)
Does this sound reasonable?
Yes, it sounds like a good idea but also material for a follow-up. Let's
open a separate bug for that so that we don't make the patch here too
large or we'll never be done with it :)
--
You received this bug notification
Created attachment 790711
Refreshed patch
(In reply to jhorak from comment #109)
Okay, it seems that we're moving in circles. Who's going to decide which
approach to choice? I can implement storing password to system keyrings but
I won't do this without clear statement from Mozilla what they
Okay, it seems that we're moving in circles. Who's going to decide which
approach to choice? I can implement storing password to system keyrings
but I won't do this without clear statement from Mozilla what they would
like more. I still prefer storing only master password because of loose
I think we have to differenciate between two levels:
- The ability to *securely* store passwords (with a master password or a key
provided by the system's key manager)
- The ability to securely *store passwords in the system's key manager*, where
all my passwords live.
I favor the second
Hey guys, just wanted to give a heads up here...
I gave a talk at GUADEC which presented an alternate password storage
model, where the secret service provides a master key to apps (like
firefox) via standard interfaces like the linux kernel keyring. Apps can
use this key to encrypt their own
(In reply to Jesse Glick from comment #102)
explain how a user would switch from Linux to Windows and bring their
passwords with them
Same way you would for secrets used by any other application: enter them
again. This is an OS/desktop issue, not the responsibility of an individual
(In reply to Jesse Glick from comment #105)
(In reply to jhorak from comment #104)
do the libsecret supports KDE right now?
https://wiki.gnome.org/Libsecret says it does.
The site says that libsecret supports ksecretservice. And ksecretservice
is not working very well and is not included by
(In reply to jhorak from comment #104)
do the libsecret supports KDE right now?
https://wiki.gnome.org/Libsecret says it does.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/41179
(In reply to Brian Smith (:briansmith), was bsm...@mozilla.com (:bsmith) from
comment #94)
The Gnome keyring should never store/protect a password that the user
entered. Instead, it should store a randomly-generated key
Agreed that it feels unnatural to have to define a master password when
Sorry for introducing the proprietary term. I didn't assign any
judgement to it.
Wouldn't it be optimal, if Sync would be able to store and load into and
from a file? Then the data could be brought everywhere without storing
it online. This way the differences between systems wouldn't matter.
--
(In reply to Jesse Glick from comment #100)
Agreed that it feels unnatural to have to define a master password when you
are using the native keyring. But bear in mind that the whole approach of
continuing to use proprietary password storage, and keeping only a single
decryption key in the
explain how a user would switch from Linux to Windows and bring their
passwords with them
Same way you would for secrets used by any other application: enter them
again. This is an OS/desktop issue, not the responsibility of an
individual application. Of course if you have decided to use cloud
What are the downsides of completely relying on libsecret for storing
passwords instead of a proprietary solution? Then a user had all his
passwords in his keyring and wouldn't have to care about other locations
where passwords are stored.
--
You received this bug notification because you are a
(In reply to Brian Smith (:briansmith), was bsm...@mozilla.com (:bsmith) from
comment #94)
4) Some people at Mozilla are working on this Sign into the browser /
Profile in the Cloud thing, of which Sync is a part. See
https://wiki.mozilla.org/Identity/AttachedServices. I think it is important
(In reply to Brian Smith (:briansmith), was bsm...@mozilla.com (:bsmith) from
comment #95)
Shouldn't the users that care about protecting their passwords be using
full-disk encryption with a system password already? Why don't we just
remove the master password mechanism on Linux completely,
(In reply to Brian Smith (:briansmith), was bsm...@mozilla.com (:bsmith) from
comment #94)
2) The patch contains a prompt that asks Do you want to save master
password to system password manager? But, this seems like the wrong
question. I think, instead, the Change Password dialog box should
Created attachment 785385
Refreshed patch
This is a refreshed version of attachment 713868; the changes were
fairly minimal as noted in comment 91 and comment 92. Besides adjusting
a few rejections it was just a matter of importing nsIFile.h to get it
working.
I've done some light testing on my
(In reply to David Keeler (:keeler) from comment #89)
* It still needs (at least) a review from a PSM peer. As far as I know, Kai
is unavailable to do PSM reviews. Other peers are listed here:
https://wiki.mozilla.org/Modules/All (search for PSM)
I am the PSM module owner but I am not even a
(In reply to Brian Smith (:briansmith), was bsm...@mozilla.com (:bsmith) from
comment #94)
1) I see in the patch that this is a build option that is off by default. I
would prefer it to be ON by default for all Linux desktop builds, and if
libsecret isn't available at runtime, then we just
Adrien - if you're looking to continue development on this patch, you
can see if someone in #developers (see https://wiki.mozilla.org/IRC )
might be able to help you with the compilation issues. At a glance, it
looks like you need to add some #includes (specifically, #include
Ok, I've tried to clone mozilla-central, apply patch and compile, but it
wasn't successful.
In fact, I wasn't able to apply the patch and so I've tried to apply
manually the changes, but it was a little bit as black magic for me.
That's why I've got this compilation error I think :
Created attachment 780879
Modified patch to be applied to mozilla-central, but it won't compile
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/41179
Title:
Integrate with Gnome
Adrien - here's some steps you can take:
* Does it apply/compile for mozilla-central? (`hg clone
https://hg.mozilla.org/mozilla-central`, `cd mozilla-central`, [apply patch],
`./mach build`)
* It still needs (at least) a review from a PSM peer. As far as I know, Kai is
unavailable to do PSM
I've compiled it for Firefox 22 and it seems to work according a Gnome
user point of view (but I don't know how to check if my passwords are
well encrypted).
Did some Kwallet user try it ? And what will be next step to include
this patch in future Firefox release ?
--
You received this bug
(In reply to jhorak from comment #86)
The secret_password_lookup is called on main thread, so we have to use async
function to update gui.
Makes sense.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
Created attachment 713868
Store Master Password by using libsecret to Gnome Keyring patch v2
Thanks Stef for feedback. I've fixed mentioned issues.
(In reply to Stef Walter from comment #84)
@@ +808,5 @@
+
+ secret_password_lookup(MOZILLA_SECRET_SCHEMA, nullptr,
on_lookup_finished, this,
Created attachment 713377
Store Master Password by using libsecret to Gnome Keyring patch v1
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/41179
Title:
Integrate with Gnome Keyring
Comment on attachment 713377
Store Master Password by using libsecret to Gnome Keyring patch v1
Review of attachment 713377:
-
::: security/manager/ssl/src/nsNSSCallbacks.cpp
@@ +800,5 @@
+ rv =
Comment on attachment 713377
Store Master Password by using libsecret to Gnome Keyring patch v1
Review of attachment 713377:
-
Overall looks good. Haven't tested. Just a few comments.
::: configure.in
@@ +4989,5 @@
+
+if test
Created attachment 709034
Store Master Password to Gnome Keyring patch v3
Changes
- Prompt user if he wants to store master password to Gnome Keyring.
- rewritten patch a bit to avoid a lot of nested ifs.
Changing reviewer as long as Kai showed some interest in this patch. Thanks.
--
You
Created attachment 707001
Store Master Password to Gnome Keyring patch v2
Fixed patch, asking for review from PSM.
The patch has one drawback though. In Saved Passwords list the master password
is not required to show password for each record. However Gnome keyring also
allows to show password
(In reply to n...@parkwaycc.co.uk from comment #78)
Comment on attachment 706354
Store Master Password to Gnome Keyring patch v1
You need build system and PSM reviews, so I'll just comment on code patterns.
+ PRUnichar *password = nullptr;
+ nsAutoString promptString;
+
(In reply to jhorak from comment #79)
Thanks for feedback.
The ustr or NS_LL is char16_t*. I'm not sure if I can safely cast it to
PRUnichar), can I?
Note you can't use u because that's only supported in c++11 mode, and
we still support not building in that mode.
--
You received this bug
Created attachment 706354
Store Master Password to Gnome Keyring patch v1
I've made a patch for storing Master password to Gnome Keyring. Not sure
who ask for review. I'm trying you neil as long as I see you as peer on
Passwords Permissions module.
--
You received this bug notification because
Comment on attachment 706354
Store Master Password to Gnome Keyring patch v1
You need build system and PSM reviews, so I'll just comment on code
patterns.
+ PRUnichar *password = nullptr;
+ nsAutoString promptString;
+
+ // Get prompt message for Gnome Keyring master
I'm very glad that this is making progress, I'm sure others are too :)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/41179
Title:
Integrate with Gnome Keyring
Status in The Mozilla
Hi there, I've made a new extension to store passwords on keyring. It is
based on another extension (written by me) that uses kde wallet manager,
which was based on the original extension named here. It is being
checked right now, but you can download and test it from:
(In reply to Launchpad from comment #67)
nodiscc added the following comment to Launchpad bug report 41179:
This is only partly correct as this does not seem to work on Ubuntu =
12.10.
You should try the official debian package at
I think the idea of using the native keyring to store the master
password is sound. I'd be glad to try and implement it for gnome-keyring
once I've got some spare time on my hands.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox
I posted earlier in this thread (probably so long ago that I can't find
it :U)
I'd like to reiterate my motion that this is a needed feature. I
believe, as an end user, and an experienced computer user, who knows a
fair bit about securing end user stuff, I believe that Firefox will be
forever
Oh, looks like I only subscribed, not posted.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/41179
Title:
Integrate with Gnome Keyring
Status in The Mozilla Firefox Browser:
(In reply to Justin Dolske [:Dolske] from comment #60)
I guess I would say that it's not clear to me that integration with the
system keystore provides significant value (cost/benefit)
As it has been made clear already, the benefit is
1) that on a usual Desktop, multiple applications need to
(In reply to Matej Cepl from comment #69)
(In reply to Murz from comment #63)
So most of users stores Firefox passwords non-secured like as plain text,
this is large security hole!
No, it doesn't ... Firefox native password store is of course heavily
encrypted (although with only
(In reply to Murz from comment #63)
So most of users stores Firefox passwords non-secured like as plain text,
this is large security hole!
No, it doesn't ... Firefox native password store is of course heavily
encrypted (although with only optional password, true).
Otherwise, +1 to comment 66
** Bug watch added: Mozilla Bugzilla #536140
https://bugzilla.mozilla.org/show_bug.cgi?id=536140
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/41179
Title:
Integrate with Gnome
Well, the benefit would be a single store for passwords/keys instead of every
application having its own.
Firefox is not the center of the universe, you know.
If this feature won't be implemented, then you should close this bug report.
What is the benefit of keeping a feature request open for 7
I guess I would say that it's not clear to me that integration with the
system keystore provides significant value (cost/benefit), and so I
don't see this happening any time soon. I'd also be concerned about it
adding complexity for Sync.
The master password is a whole 'nother ball ox wax, still
This is my own experience, but at the moment Firefox is the only
application I use where I need to type a password each time I fire it,
due to this lack of keychain integration.
At a time where firefox needs to distinguish itself from his
concurrents, it is easy to see the benefits (although I
Expiring same problem too. For KDE environment this issue can be fixed
via extension https://addons.mozilla.org/ru/firefox/addon/kde-wallet-
password-integratio/ but there are no easy-to-install way for Gnome.
So most of users stores Firefox passwords non-secured like as plain
text, this is large
(In reply to Mikko Rantalainen from comment #64)
For Gnome compatible environments: there's no ready-made extension at
addons.mozilla.org but you can fetch the latest version from
https://github.com/infinity0/mozilla-gnome-keyring or if you use Ubuntu, you
can add PPA from
Storing only master password in (Gnome/KDE) keyring could be less
complicated in this case and it would still work with Mozilla's Sync,
wouldn't it?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
For Gnome compatible environments: there's no ready-made extension at
addons.mozilla.org but you can fetch the latest version from
https://github.com/infinity0/mozilla-gnome-keyring or if you use Ubuntu,
you can add PPA from https://launchpad.net/~fat-lobyte9/+archive/ppa-
public and install
This is only partly correct as this does not seem to work on Ubuntu = 12.10.
You should try the official debian package at
http://packages.debian.org/experimental/xul-ext-gnome-keyring
2013/1/14 Jhorak 41...@bugs.launchpad.net:
Storing only master password in (Gnome/KDE) keyring could be less
So what is current Mozilla point of view to incorporate this enhancement to
Firefox directly (without extension)? And if so what is more preferable:
1. store all saved password in keyring
2. store only master password in keyring.
--
You received this bug notification because you are a member of
I think this would be much better included in Firefox that as an
extension, as both Firefox himself and other extensions can tr
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/41179
FWIW Chrome on Ubuntu Oneiric seems to use the login keyring out of the
box - and on first start will offer to import your Firefox passwords,
copying them to the native keyring.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in
typo added the following comment to Launchpad bug report 217300:
Use case:
I like to encrypt all my credentials (website/username/password entries) with a
password. But I don't like to enter too many passwords when I use my computer.
So i'd like to unlock my keyring with my login password like
91 matches
Mail list logo