https://v.redd.it/p3qiqvwhz22e1
created by Funny-Advantage2646 on 20/11/2024 at 16:12 UTC
307 upvotes, 16 top-level comments (showing 16)
so I'm going to guess you shouldn't be able to hit back a couple of times and completely bypass your phone security to see saved passwords stored in Firefox? firfox is up to date and it works on both moto G power & samsung A23 so far
Comment by Bitim at 20/11/2024 at 16:35 UTC*
106 upvotes, 1 direct replies
Bug 1928779 - Password manager device lock PIN bypass in Firefox 132.0 for Android
Comment by Saphkey at 20/11/2024 at 16:27 UTC
133 upvotes, 2 direct replies
Wow, that worked on me too.
When the keyboard appears, just press back two times or more.
Didn't work in Firefox Nightly however. The bypass to "Saved passwords" screen works, but the passwords don't load. So maybe fixed in upcoming Nightly?
Comment by Caldas29 at 20/11/2024 at 18:02 UTC
74 upvotes, 6 direct replies
Never save passwords in browsers, Bitwarden is free.
Comment by Exodia101 at 20/11/2024 at 18:55 UTC
9 upvotes, 1 direct replies
Doesn't work for me, going back twice just sends me to the Firefox home page.
Comment by zelphirkaltstahl at 20/11/2024 at 19:05 UTC
15 upvotes, 0 direct replies
Do not store passwords in browsers. 'nough said.
Comment by ClueIntelligent1311 at 21/11/2024 at 00:58 UTC
3 upvotes, 0 direct replies
This bug doesn't work on Xiaomi phone, android 12. Or rather it works partially, I see empty space in place of passwords.
Comment by Eclipsan at 21/11/2024 at 09:07 UTC
3 upvotes, 0 direct replies
Friendly reminder that one should use a dedicated password manager, not the one in their browser. Because browser password managers have a long track record of security issues.
Comment by Killed_Mufasa at 20/11/2024 at 23:24 UTC
4 upvotes, 0 direct replies
I can reproduce this as well! This might honestly be the worst bug I've ever seen on a production product. And I'm a developer mind you.
Customers tend to overuse the term ASAP, but this should genuinely get fixed ASAP. There are probably already government agencies abusing this. Maybe we shouldn't even discuss this here..
Comment by bubrascal at 21/11/2024 at 01:30 UTC
2 upvotes, 0 direct replies
Can't replicate on my phone (I use nightly)
Comment by jimy_the_wolf at 21/11/2024 at 08:30 UTC
2 upvotes, 0 direct replies
I just replicated it on my samsung a35 and everything is up to date. This is a big fuck up on mozilla's end
Comment by zkribzz at 21/11/2024 at 19:39 UTC
2 upvotes, 0 direct replies
It doesn't work for me. Android 15, Firefox 132.0.2
Comment by lostinfury at 21/11/2024 at 12:52 UTC
1 upvotes, 0 direct replies
Bruh, the CIA would have paid top dollar for that! Haha jk.
On a more serious note, this hack exists for Firefox desktop. If you don't have a master password set for saved passwords, anybody can view your saved passwords using a tool developed by Mozilla! Stay frosty, use a master password, or use an actual dedicated password manager.
Comment by MrTooToo at 21/11/2024 at 14:03 UTC
1 upvotes, 0 direct replies
I tried the same. Got a blank screen, no password list. Using Nightly version
Comment by cassepipe at 21/11/2024 at 14:24 UTC
1 upvotes, 0 direct replies
Didn't know the mobile app had a master password option... Maybe it would be better if it relied on the OS to allow access rahter than rolling their own stuff.
Comment by Baardi at 21/11/2024 at 21:52 UTC
1 upvotes, 0 direct replies
And that's why you stay away from Firefox's password manager.
Bitwarden is a good alternative I can vouch for, but there should be a couple of other good options out there as well.
Comment by masterupc at 20/11/2024 at 23:22 UTC
-21 upvotes, 1 direct replies
that pin is from android so, it's an android 'feature', not firefox's