Stealing All Firefox Passwords PoC.

Hacker Halted 2010


I wrote about this before, but this is a real PoC of how one can steal all Firefox passwords from someone. I made this example to show how dangerous it is to save web pages to your desktop or hard drive. Unless one finds a serious flaw, it is pretty hard to call the password manager remotely. Such flaws are very rare and exotic. So the next obvious thing to do is to let it run from the user's PC. There are plenty of ways to force a user to download a file, or to install HTML files, or maybe a file which isn't what he thinks it is, or to stream it off the server as an attachment. Open the example below and follow the instructions. I won't send your Firefox passwords, but I could if I wanted to. PoCs are always fun to make.
