Comment 87 for bug 41179

In , Murz (murznn) wrote :

(In reply to Matej Cepl from comment #69)
> (In reply to Murz from comment #63)
> > So most users store Firefox passwords unsecured, like plain text;
> > this is a large security hole!
>
> No, it doesn't ... Firefox's native password store is of course heavily
> encrypted (although with only an optional password, true).

How can Firefox heavily encrypt them if the user sets an empty password? As I see it, most users don't want to enter an additional password each time they open the browser, and many users don't even know about this feature (because Firefox doesn't suggest encrypting passwords on install or first start).

So in most Firefox installs passwords are not encrypted, and any other user can view them (for example via the PasswordFox application).

In Google Chrome passwords are encrypted by default: on Windows via the user password (Chrome uses a Windows-provided API function which makes the encrypted data only decipherable by the Windows user account used to encrypt the password. So essentially, your master password is your Windows account password), on GNOME they are stored in Keyring, on KDE in KWallet, so the user does not have to enter a password on browser start and passwords are stored in encrypted format.

I will be glad to see a solution like Chrome's for password encryption by default in Firefox.