This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox is not secure!

  • 16 replies
  • 0 have this problem
  • Last reply by cor-el

more options

Firefox releases email addresses and our data to third parties!

I installed the Arc browser and Arc offered to load my bookmarks from mozilla. Out of curiosity, I let it, and it loaded my bookmarks and folders smoothly. Arc didn't navigate Firefox to the login page, so Firefox released my information without asking me.

What probably happened in the background was that the Arc browser told Firefox which email address it was requesting data from, and Firefox handed over the data to it "on notice". Firefox was not even convinced that the real owner of the email address asked the Arc browser to synchronize the folders.

Is it the famous Firefox reliability?

'''Firefox releases email addresses and our data to third parties!''' I installed the Arc browser and Arc offered to load my bookmarks from mozilla. Out of curiosity, I let it, and it loaded my bookmarks and folders smoothly. Arc didn't navigate Firefox to the login page, so Firefox released my information without asking me. What probably happened in the background was that the Arc browser told Firefox which email address it was requesting data from, and Firefox handed over the data to it "on notice". Firefox was not even convinced that the real owner of the email address asked the Arc browser to synchronize the folders. Is it the famous Firefox reliability?

Chosen solution

Paul said

Hi Just to clarify: You asked another browser to import your data from Firefox, and it imported the data from Firefox. I am struggling to see what the problem is here.

1. The browser saw my folders before I asked it to sync. 2. I thought that no other application could access my data, because it is protected by Mozilla.

I thought you had to ask permission from mozilla, but I was wrong. Mozilla stores the data on my computer unprotected.

I create any software on that basis, and it can access any data on my computer that is not protected. I can rummage through people's data with ease.

I have already realized that this is not only Mozilla's fault, but also Microsoft's.

Read this answer in context 👍 0

All Replies (16)

more options

Well, that's a nice conspiracy theory.

Helpful?

more options

Did you get all those badges by writing foolishness?

If you ask me for my email address, I will give it to you. So, for example, will Apple release my data to you if you ask Apple to release the data associated with the email address to you? Never! If you can't think logically, don't write stupid things!

Helpful?

more options

TyDraniu írta

Well, that's a nice conspiracy theory.

Even simpler for you to understand.

How did the Arc browser get my data from Firefox if Arc only knew my email address?

Helpful?

more options

It's even worse! It doesn't work the way I thought it would. After I deleted the Arc browser, I downloaded it again and registered with a different email address. And when I clicked on the Firefox logo, Arc displayed my folders and bookmarks in the same way. I didn't even accept the synchronization yet, I just chose from the offered browsers. Firefox transfers the data to third parties without restriction, who can browse the data freely.

Helpful?

more options

Arc will have read the information from your Firefox Profile folder on your hard disk — it won't have needed to access Mozilla's server, nor would it have needed to access Google's had you been moving from Chrome or MicroSoft's if moving from Internet Explorer/Edge.

Modified by ThePillenwerfer

Helpful?

more options

thepillenwerfer said

Arc will have read the information from your Firefox Profile folder on your hard disk — it won't have needed to access Mozilla's server, nor would it have needed to access Google's had you been moving from Chrome or MicroSoft's if moving from Internet Explorer/Edge.

Bad example and wrong approach. I haven't moved from anywhere, I've always been a Firefox user. Why should any software developer just have access to my data for a third party? It handles data very loosely.

Helpful?

more options

Wonderful world... People found TyDraniu's post helpful...  ? :)) Nobody cares about privacy. No one even knows what a private sphere is. For example, today's young people don't even know what a letter secret is. Everyone takes it for granted that Google reads emails.

Only Apple takes privacy seriously, no one else. I only use Safari on iOS.

Helpful?

more options

info11727, I believe that your bookmarks are stored unencrypted in your Firefox profile on your hard drive. Any person or software that has access to your hard drive can read and copy them.

Your passwords are also easily accessible to anyone who has access to your hard drive, unless if you have set a primary password. In which case the person or software accessing your system would need it to decrypt your passwords.

So as has already been suggested, there is no need for anyone to have contacted Mozilla and for them to have released information.

Out of interest, are you using a primary password? If you were, and the other browser managed to import your passwords without either you supplying it, or you needing to supply it to unlock them in the new browser, then that would be worrying.

One other point, once you imported your Firefox data into the new browser, it probably copied it into its own data folders on your hard drive. If you simply uninstalled the other browser without removing all its data, then this data would still be there when you reinstalled. This might explain why the bookmarks etc. were already there when you set the new browser up the second time?

Anyway, if you believe that Firefox should have an option to encrypt all data, and not just your passwords, then you can certainly suggest this to Mozilla via going to the Help menu and following the Share Ideas and Feedback… link.

However, I suspect that once you have entered your password to unlock your bookmarks and other data in Firefox, it would be difficult to prevent other software on your system from being able to access this unlocked data also? If you can see it then they can?

Modified by TechHorse

Helpful?

more options

TechHorse said

info11727, I believe that your bookmarks are stored unencrypted in your Firefox profile on your hard drive. Any person or software that has access to your hard drive can read and copy them. Your passwords are also easily accessible to anyone who has access to your hard drive, unless if you have set a primary password. In which case the person or software accessing your system would need it to decrypt your passwords. So as has already been suggested, there is no need for anyone to have contacted Mozilla and for them to have released information. Out of interest, are you using a primary password? If you were, and the other browser managed to import your passwords without either you supplying it, or you needing to supply it to unlock them in the new browser, then that would be worrying. One other point, once you imported your Firefox data into the new browser, it probably copied it into its own data folders on your hard drive. If you simply uninstalled the other browser without removing all its data, then this data would still be there when you reinstalled. This might explain why the bookmarks etc. were already there when you set the new browser up the second time? Anyway, if you believe that Firefox should have an option to encrypt all data, and not just your passwords, then you can certainly suggest this to Mozilla via going to the Help menu and following the Share Ideas and Feedback… link. However, I suspect that once you have entered your password to unlock your bookmarks and other data in Firefox, it would be difficult to prevent other software on your system from being able to access this unlocked data also? If you can see it then they can?

I don't use a primary password, I didn't even know one existed. I think firefox should do something to prevent this from happening. Because we expect this from Microsoft in vain, Microsoft is just as curious as Google's spy software these days.

On the Apple operating system, the system itself asks me for all access permissions. It's a nightmare that any software can scan all the folders on my computer during installation, even though I only give it permission to install.

As I wrote, the Arc browser saw my folders before I gave permission to sync. After the first installation, I basically deleted all related files. Although it was not easy to search for the word "Arc" on my computer.

Anyway, thanks for your comment. I still don't think this is how it should work, but I'll take the chance and set a primary password.

Helpful?

more options

TechHorse said

info11727, I believe that your bookmarks are stored unencrypted in your Firefox profile on your hard drive. Any person or software that has access to your hard drive can read and copy them. Your passwords are also easily accessible to anyone who has access to your hard drive, unless if you have set a primary password. In which case the person or software accessing your system would need it to decrypt your passwords. So as has already been suggested, there is no need for anyone to have contacted Mozilla and for them to have released information. Out of interest, are you using a primary password? If you were, and the other browser managed to import your passwords without either you supplying it, or you needing to supply it to unlock them in the new browser, then that would be worrying. One other point, once you imported your Firefox data into the new browser, it probably copied it into its own data folders on your hard drive. If you simply uninstalled the other browser without removing all its data, then this data would still be there when you reinstalled. This might explain why the bookmarks etc. were already there when you set the new browser up the second time? Anyway, if you believe that Firefox should have an option to encrypt all data, and not just your passwords, then you can certainly suggest this to Mozilla via going to the Help menu and following the Share Ideas and Feedback… link. However, I suspect that once you have entered your password to unlock your bookmarks and other data in Firefox, it would be difficult to prevent other software on your system from being able to access this unlocked data also? If you can see it then they can?

Well, I checked what the primary password is good for, but it doesn't provide protection for the problem mentioned above. I don't store passwords anywhere, I haven't saved any passwords in the browser, I use my computer alone, so it's almost an unnecessary procedure. And I can even lose my data if I don't remember the primary password. It's not worth the risk because it doesn't provide you with extra security.

Helpful?

more options

Hi

Just to clarify:

You asked another browser to import your data from Firefox, and it imported the data from Firefox.

I am struggling to see what the problem is here.

Helpful?

more options

Chosen Solution

Paul said

Hi Just to clarify: You asked another browser to import your data from Firefox, and it imported the data from Firefox. I am struggling to see what the problem is here.

1. The browser saw my folders before I asked it to sync. 2. I thought that no other application could access my data, because it is protected by Mozilla.

I thought you had to ask permission from mozilla, but I was wrong. Mozilla stores the data on my computer unprotected.

I create any software on that basis, and it can access any data on my computer that is not protected. I can rummage through people's data with ease.

I have already realized that this is not only Mozilla's fault, but also Microsoft's.

Modified by info11727

Helpful?

more options

info11727 said

any software on that basis, and it can access any data on my computer that is not protected. I can rummage through people's data with ease.

And they can view all your documents and photos and any file too!

Yes, you are responsible for what software you install on your system. What you described is a malicious program, there's many out there on the internet, it's why you don't just randomly click links or install stuff.

Modified by Jared

Helpful?

more options

Jared said

info11727 said

any software on that basis, and it can access any data on my computer that is not protected. I can rummage through people's data with ease.

And they can view all your documents and photos and any file too!

Yes, you are responsible for what software you install on your system. What you described is a malicious program, there's many out there on the internet, it's why you don't just randomly click links or install stuff.


This is a Microsoft problem. I will try to write to them about this, but I am 100 percent sure that they are not interested. Especially since they have been collaborating with Google, since then Microsoft has also been spying on its users. They will not be interested in a secure installation.

Helpful?

more options

info11727 said

This is a Microsoft problem.

Sorta, it's just how the operating system works. You can view the file system on macOS and Linux from a program too. But it's definitely not a Firefox problem.

Helpful?

more options

Note that MS may also store sensitive data like websites you visited and files saved/loaded from removable devices in the registry without you being aware of. The icon cache also can store thumbnails that were ever shown on the task bar by some application.

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.