Overview
In order to protect your sensitive login informations, you decide to put a Master Password, so only you can effectively use them and makes you feel better in case you lose your storage media.
Additional Informations
Because you like to have some settings already configured on some websites, cookies are created and stored on the storage media for future references in a file name cookies.sqlite. This file is actually an SQLite database, which contain all the informations regarding your cookies. If you open this file with a plain text editor (ie: notepad), you'll see a bunch of mostly-unreadable data, and some readable text strings, like the URLs of stored cookies.
Application
In case someone retrieve your storage media, even if there is a Master Password, effectively protecting your login informations, the cookies.sqlite is not protected by the encryption scheme.
What the attacker could do, is to create a plain installation of Firefox Portable, copy the cookies.sqlite file of your storage media into the plain installation, and launch the basic Firefox Portable installation. With the URLs stored in the cookies.sqlite file, he could access for example mail.google.com that you previously logged in (without logging out) and gain access to your account, even if the attacker don't even know your password, because the stored cookies will authenticate the browser as the one who previously logged in before.
Recommendations
-Do not store cookies for longer than the current Firefox session (Keep until I close Firefox)
-Use a third-party software that encrypt your Firefox Portable profile or the whole storage media (Toucan, TrueCrypt, etc.)
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on BlueSky
Follow us on Facebook
Follow us on LinkedIn
Follow us on Mastodon
Follow us on Twitter
This is nothing really new. It applies across all portable software across all platforms. As well as your laptop, PDA, etc.
Sometimes, the impossible can become possible, if you're awesome!
But is good info for
newbiesbeginners, anyway.Alive and kicking!
"If you were a robot, and I knew but you didn't, would you want me to tell you?"
Passwords can be read quite easily.
See this: http://www.nirsoft.net/utils/passwordfox.html
Additionally cookies, history, everything else is unsafe. So the best protection is encrypting and password protecting your computer/USB stick.
[edit] - Rephrased sentence.
It displays all information except usernames and passwords. Maybe it works once the master password is entered, but that would still be useless. signons.txt, signons2.txt, and signons3.txt are all encrypted.
Vintage!
I tried it on my Firefox Portable installation with a Master Password, it is unable to retrieve them, as the files are encrypted.
The only thing in fact that is encrypted is the password file (signons3.txt), and the Master Password keyfile (key3.db). Without brute-forcing those files, you won't have access to it's content.
cookies, stored sessions data are not encrypted, which is why you shouldn't keep them on a portable device.
Using a strong enough Master Password should keep most people out of your stuff.