
The Firefox password manager now tells you when you use leaked passwords

The Firefox password manager also tells you when a website has suffered a security breach.
Written by Catalin Cimpanu, Contributor

Mozilla today released Firefox 76 to the Stable desktop channel for Windows, macOS, and Linux. This new release comes with bug fixes, new features, and security patches.

The highlight of the Firefox 76 release is a suite of new features added to Firefox's built-in password manager, also known as Firefox Lockwise (available at about:logins).

Starting with Firefox 76, Mozilla says that Lockwise will now begin prompting users to enter their Mac or Windows OS account credentials before revealing any passwords in cleartext.

Mozilla said it added this feature at the request of the Firefox community. Firefox users complained that all a malicious threat actor had to do was to wait for the Firefox user to step away from their computer, then quickly access the Firefox built-in password manager to reveal and copy the user's passwords on a piece of paper.

With this new feature in place, the attacker would also have to know the user's OS credentials, lowering the chance that an intrusion like this (known as an "evil maid" scenario) would be successful.

Warning for known leaked passwords and breached sites

But this is only one of the features added to Firefox Lockwise in v76. Firefox's built-in password manager now also scans all of the user's stored passwords.

Mozilla says that if one of the user's passwords is identical to a password that has been leaked online, Firefox will show a warning to the user, recommending that the user change the password, as this password is now most likely part of password dictionary lists that hackers are utilizing for brute-force attacks.

[Image: lockwise-warning.png. Credit: Mozilla (supplied)]

Furthermore, Lockwise also received a third security improvement. Mozilla says that Lockwise is now integrated with Firefox Monitor, a Firefox service that lets users check if their credentials have been leaked online.

Starting with Firefox 76, Lockwise will show breach alerts for sites that have experienced a recent security breach where passwords are known to have been compromised, urging users to change their credentials.

[Image: lockwise-breach.png. Credit: Mozilla (supplied)]

Mozilla said that users need not panic over these new features, as Firefox does not actually know their passwords, but works with encrypted versions of the credentials to keep users' privacy intact.

These are only the highlights of the Firefox 76 release. Other new features and important bug fixes are detailed in the official Firefox 76 changelog.

Firefox 76 security fixes will be listed on this page in the following days, once users have updated to the new version.

Changes specific to web developers are detailed on this page.

Firefox users can update to v76 by using the browser's built-in update tool available under Help -> About Firefox.
