LinuxQuestions.org
Old 03-06-2006, 06:05 AM   #1
simcox1
Member
 
Registered: Mar 2005
Location: UK
Distribution: Slackware
Posts: 794
Blog Entries: 2

Rep: Reputation: 30
Firefox storing root password


This may be a minor point, but I was browsing through the Firefox stored passwords, and noticed that it had my root password in there. This happened when I installed my printer via CUPS. It must have offered to remember the password and I clicked yes as usual. It's probably not a good idea to have root's password stored on your hard drive, even encrypted in Firefox. I just thought I'd point this out.
 
Old 03-06-2006, 06:23 AM   #2
spooon
Senior Member
 
Registered: Aug 2005
Posts: 1,755

Rep: Reputation: 51
Quote:
Originally Posted by simcox1
It's probably not a good idea to have root's password stored on your hard drive, even encrypted in Firefox.
It's not a good idea to have passwords stored at all. They can't "encrypt" your password because they still need to store the key to "decrypt" it somewhere, which defeats the point.
 
Old 03-06-2006, 06:34 AM   #3
simcox1
Member
 
Registered: Mar 2005
Location: UK
Distribution: Slackware
Posts: 794

Original Poster
Blog Entries: 2

Rep: Reputation: 30
So you're saying stored passwords in Firefox are a security risk? Things like PayPal and email passwords? I use Firefox password manager a lot.
 
Old 03-06-2006, 07:02 AM   #4
scuzzman
Senior Member
 
Registered: May 2004
Location: Hilliard, Ohio, USA
Distribution: Slackware, Kubuntu
Posts: 1,851

Rep: Reputation: 47
If someone gets access to your box, and your user account, they have your passwords.
 
Old 03-06-2006, 07:40 AM   #5
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
Maybe use the "master password" feature?
 
Old 03-06-2006, 08:25 AM   #6
simcox1
Member
 
Registered: Mar 2005
Location: UK
Distribution: Slackware
Posts: 794

Original Poster
Blog Entries: 2

Rep: Reputation: 30
That's probably a good idea to use the master password. I've got a lot of info in Firefox. It is a bit of a security loophole though. Stored passwords are a godsend. The reason I was looking through them is because I got caught up in an eBay scam. Someone was selling a hifi for a great price, saying to email them personally to buy it now. I emailed them and then eBay removed it saying someone's account had been compromised and it was a scam. Now this person has my email address. I didn't send any money, but I've changed my registered email address and passwords.
 
Old 03-07-2006, 09:41 AM   #7
dracolich
Senior Member
 
Registered: Jul 2005
Distribution: Slackware
Posts: 1,274

Rep: Reputation: 63
Personally, I would have Firefox (or any other browser) never remember passwords. It's not that hard to type it every time, just a few extra keystrokes.
Go to Preferences -> Passwords and make sure the Remember Passwords box is unchecked, then clear all saved passwords, then whenever it offers to remember a password click Never For This Site.
And always "log out" or "sign out" when finished to erase cookies that might have ID/password combinations in them.
 
Old 03-07-2006, 10:04 AM   #8
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
Quote:
Originally Posted by scuzzman
If someone gets access to your box, and your user account, they have your passwords.
What kind of encryption/hashing is used in Firefox? That would surprise me if you can decode an encrypted password.

I'm not sure I see a security problem in storing passwords in Firefox but I may be wrong.
Any scenario?
Maybe with XSS (Cross-Site Scripting) but I'm not even sure.

I store all my passwords in Firefox coz I'm lazy
 
Old 03-07-2006, 10:08 AM   #9
simcox1
Member
 
Registered: Mar 2005
Location: UK
Distribution: Slackware
Posts: 794

Original Poster
Blog Entries: 2

Rep: Reputation: 30
Well, like he says, if someone gets access to your user account, they can get the passwords. As user I can view them in Firefox. I'm not even sure they're encrypted. All I can do is set a master password or not use them at all.
 
Old 03-07-2006, 10:12 AM   #10
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
Ah yes you're right, I've missed the point
Sure I use master password. But I'm still wondering if by XSS even with master password it is not possible to get your password.. as they stay in memory for a while
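
An audit for the situation in the first post, as an added example that is not from the thread: it lists saved logins that point at the CUPS web interface or at other services on the local machine, without decrypting anything. The `logins.json` layout is that of current Firefox profiles, which postdates this thread; the sample data and function names are constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the layout of a current Firefox profile's logins.json.
# Assumption: real entries hold base64 ciphertext where "<opaque>" appears.
SAMPLE_LOGINS_JSON = """
{"logins": [
  {"hostname": "http://localhost:631", "httpRealm": "CUPS",
   "formSubmitURL": null,
   "encryptedUsername": "<opaque>", "encryptedPassword": "<opaque>"},
  {"hostname": "https://mail.example.org", "httpRealm": null,
   "formSubmitURL": "https://mail.example.org",
   "encryptedUsername": "<opaque>", "encryptedPassword": "<opaque>"},
  {"hostname": "http://127.0.0.1:8080", "httpRealm": null,
   "formSubmitURL": "http://127.0.0.1:8080",
   "encryptedUsername": "<opaque>", "encryptedPassword": "<opaque>"}
]}
"""

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
CUPS_PORT = 631  # default port of the CUPS web interface


def classify(entry):
    """Return a reason if a saved login looks like a system credential."""
    url = urlsplit(entry.get("hostname") or "")
    host = (url.hostname or "").lower()
    realm = (entry.get("httpRealm") or "").upper()
    if url.port == CUPS_PORT or realm == "CUPS":
        return "CUPS web interface (system account password)"
    if host in LOCAL_HOSTS:
        return "service on this machine"
    return None


def audit(logins_json_text):
    """List (origin, reason) for saved logins that should not be in a browser."""
    data = json.loads(logins_json_text)
    findings = []
    for entry in data.get("logins", []):
        reason = classify(entry)
        if reason:
            findings.append((entry["hostname"], reason))
    return findings


if __name__ == "__main__":
    for origin, reason in audit(SAMPLE_LOGINS_JSON):
        print(f"{origin}: {reason}; remove the saved login and change the password")
```
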
 
  

