Rated 1 out of 5 stars

by pk on March 20, 2013 ·

Unusable. Asks EVERYTIME upon startup for ALL passwords stored in the login keychain (I have tons of it). It should ask only for those that it needs, especially that there is no option to 'Deny Always' only to 'Always Allow' and 'Allow' in the keychain app (at least mine). Using Mac OS 10.6.8 and Thunderbird 17.0.4.

This review is for a previous version of the add-on (1.1.5.1-signed.1-signed). 

by Julian Fitzell (Developer) on March 20, 2013 ·

That shouldn't be happening, obviously (and I just tested that version of Thunderbird—it works ok for me)

Two things to try:
1) Make sure your OS X thinks your Thunderbird binary is correctly signed.
From a Terminal, run (adjust the path to the app as necessary):
codesign -vvvv /Applications/Thunderbird.app
You should see:
Thunderbird.app: valid on disk
Thunderbird.app: satisfies its Designated Requirement
If not, delete Thunderbird and reinstall.

2) Enable debug logging:
- Go to Preferences, Advanced, General Tab, and click on the Config Editor button
- search for signon.debug - double click to set it to true
- restart
You should now see more detailed logging either in the Error Console. If that doesn't obviously identify the problem for you, please feel free to report a bug: http://code.google.com/p/mozilla-keychain/

Rated 4 out of 5 stars

by MateMathieu on March 3, 2013 ·

Very useful indeed.
However there is no explanation to change the setting that is asked at first when we install this addon. This setting allows to use the key password across different web browser or not. Where is it?

This review is for a previous version of the add-on (1.1.5.1-signed.1-signed).  This user has a previous review of this add-on.

Rated 5 out of 5 stars

by co-operate on Jan. 6, 2013 ·

This is truly the best add-on for Firefox on Apple Mac OSX: More secure than Firefox's own passwor dstorage mechanism. Passwords sync beautifully with Safari. For me, this makes 1Password obsolete - and it's completely free!

This review is for a previous version of the add-on (1.1.3.1-signed.1-signed).  This user has a previous review of this add-on.

Rated 4 out of 5 stars

by Firefox user 3437a3 on June 30, 2012 ·

I like it very much! This is a key feature to make Firefox much more fun in OSX!

Questions:
1) Does Firefox not use it's own password storage anymore?
2) How save is this extension? Does it itself ever see the password or is all of this handled by the OSX keychain services?

This review is for a previous version of the add-on (1.1.3.1-signed.1-signed). 

by Julian Fitzell (Developer) on June 30, 2012 ·

1) The original password storage is basically left alone so that it's still there if you disable the extension. I should probably add a button somewhere to erase it but have never got around to it. If no matching passwords are found in the Keychain, it does make an effort to fall through to the legacy storage; also passwords for non-standard protocols (i.e. for Mozilla Sync) are stored there because more work would be needed to find a way to store them in the Keychain.
2) Firefox (via the extension) has access to any passwords to which you "Allow" access from the operating system. OS X prevents apps from accessing other passwords (though all the other fields in the keychain are publicly readable by all). It's not a token system like Kerberos, so the applications *do* see the passwords. Code running inside web pages should not have access to the keychain since the Mozilla engine only grants code running as an extension enough privileges to do so.

Hope that helps.

Rated 5 out of 5 stars

by norz on March 11, 2012 ·

NB: if you use Firefox sync, you'll still need to enter Firefox's master password, even if your Mac Keychain is unlocked. "Firefox Sync is not yet properly supported - these passwords will still be written to your Firefox password storage." (Developer comments on this page, v 1.1.3.)

This review is for a previous version of the add-on (1.1.3.1-signed.1-signed). 

Rated 4 out of 5 stars

by ChaosClockwork on March 10, 2012 ·

When ever the "Keychain" popup to allow or deny appears, the "Keyboard Viewer" also pops up.

OS X 10.6.8
Firefox 10.0.2

This review is for a previous version of the add-on (1.1.3.1-signed.1-signed). 

Rated 5 out of 5 stars

by brutuscat on Jan. 4, 2012 ·

Great! It seems to work with the current Aurora release :D

This review is for a previous version of the add-on (1.1.2.1-signed.1-signed). 

Rated 5 out of 5 stars

by darkslide on Dec. 14, 2011 ·

Great addon! I really don't understand why you commented out the support for Thunderbird... it works just as well in there and I'd say it's even more useful (who wants to type their password every time they read email?)

One minor bug is that it does not work with Thunderbird's integrated LDAP support. It seems that the built-in URI parser you used does not accept the ldaps scheme. I've replaced the functions _uri and _url in modules/MacOSKeychain.jsm with the following quick-and-dirty parsing code and it works like a charm:

function _uri (uriString) { return _url(uriString); }
function _url (urlString) {
if (!_url.parser) _url.parser = /^(https?|ftps?|irc|nntp|pop3s?|imaps?|ldaps?|afp|ssh|smb|ipps?|svn|smtps?):\/\/(?:[-a-z0-9.]+(?::[^@\s]+)?@)?([a-z0-9](?:[-a-z0-9.]*[a-z0-9])?)(:[0-9]{1,5})?(?:\/[^\s]*)?$/i;
var match = urlString.match(_url.parser);
if (!match) throw Error("Not a valid url: " + urlString);
var port = -1;
if (match[3]) port = match[3].substring(1, match[3].length);
return {
scheme: match[1],
host: match[2],
port: port,
spec: urlString
};
}

This review is for a previous version of the add-on (1.1.2.1-signed.1-signed). 

by Julian Fitzell (Developer) on Jan. 12, 2012 ·

Thanks for the report - I've created an issue at http://code.google.com/p/mozilla-keychain/issues/detail?id=45

I've enabled TB support in 1.1.3 but I don't use TB myself and I know there are some issues remaining (such as passwords not being shared with Mail.app and the Show Passwords button still being displayed in Preferences).

Rated 3 out of 5 stars

by gilsa on Dec. 11, 2011 ·

Very good application but there is a substantial problem I encountered (I am not sure whether this is due to a problem in my computer though).
When I first start Firefox, it asks for the Keychain password: no problem there. But once I enter the password Firefox does not ask for it again after I lock the keychain in Keychain Access: I quit and restart Firefox, and the passwords are still available!
(hence: locking the keychain in the system does not affect the application and vice versa: Unlocking the Keychain in FF does not unlock keychain systemwide.)

This review is for a previous version of the add-on (1.1.2.1-signed.1-signed). 

by Julian Fitzell (Developer) on Dec. 11, 2011 ·

...that firefox maintains a cache of passwords it has used, but only for a minute or so. Other than that, the operating system maintains access to the keychain - so when it's locked no application is able to access the passwords. Note, however, that all the data *except* the password (i.e. username and so on) are available even if the keychain is locked.

If Firefox is able to access passwords from a locked keychain after its own cache has expired, that is a serious security problem and should be reported to Apple - I've never seen such behaviour, however.

Cheers!

Rated 4 out of 5 stars

by PaThKu on Nov. 24, 2011 ·

As someone coming back from Chrome, there's no way to export my login info back to FF. This nifty extension adds support that Mozilla should have added long ago. The only reason I give this 4 stars is because Keychain asks for permission every time I need to use a password (at least the first time, that is). There should be a way to tell keychain to allow FF to access all keychains, once that's added, this gets a 5

This review is for a previous version of the add-on (1.1.2.1-signed.1-signed). 

Rated 5 out of 5 stars

by pfbz on Nov. 12, 2011 ·

I use multiple browsers (Firefox, chrome, safari, opera). This add-in does a great job of keeping my passwords available between browsers and stored in the OSX keychain.

This review is for a previous version of the add-on (1.1.2.1-signed.1-signed). 

Rated 1 out of 5 stars

by Levoy on Oct. 22, 2011 ·

doesn't work. I installed the plug-in and now the FF data is in Keychain (yes, I looked to confirm). The autofill boxes are checked in Safari but I've tried several sites and the usernames imported from FF don't autofill. If I create the entry with Safari the autofill works.

This review is for a previous version of the add-on (1.1.2.1-signed.1-signed). 

Rated 5 out of 5 stars

by Eric on July 26, 2011 ·

Great addon, just wish it specified that it worked in Thunderbird. I've used 1.1.2 in Thunderbird 3.1 and 5.0 by editing the install.rdf file in the XPI by hand to declare support

This review is for a previous version of the add-on (1.1.2.1-signed.1-signed).  This user has a previous review of this add-on.

Rated 5 out of 5 stars

by quinode on July 12, 2011 ·

If, like me you're dependant on this extension for your work (aka switching browsers to access many web-apps)please vote on this site :http://getsatisfaction.com/mozilla/topics/firefox_integration_for_keychain_in_macs



Julian, if you need to raise some donations to make it work under FF5, please setup a page so we can support your work

This review is for a previous version of the add-on (1.1.1.1-signed.1-signed). 

Rated 4 out of 5 stars

by woodengod on July 7, 2011 ·

Can you make this wonderful extension to work with Thunderbird 5 please?

This review is for a previous version of the add-on (1.1.1.1-signed.1-signed).  This user has a previous review of this add-on.

Rated 5 out of 5 stars

by regagain on June 28, 2011 ·

This extension solves my biggest complain about using Firefox on a Mac. Kudos!

This review is for a previous version of the add-on (1.1.1-signed.1-signed). 

by Julian Fitzell (Developer) on June 29, 2011 ·

Rated 4 out of 5 stars

by firestorm99 on June 12, 2011 ·

Doing a good job, but import from firefox password safe to keychain is still not working.

This review is for a previous version of the add-on (1.1.1-signed.1-signed). 

by Julian Fitzell (Developer) on June 29, 2011 ·

... once approved to appear on the site.

Rated 5 out of 5 stars

by ToonMasterTim on May 10, 2011 ·

Having Keychain support on the Mac is a feature I really wanted from Firefox and now I have it thanks to this wonderful extension. Thank you so much for making this possible through your hard work and excellent programming. It works and it looks great.

This review is for a previous version of the add-on (1.1.1-signed.1-signed). 

Rated 3 out of 5 stars

by linglouis on May 7, 2011 ·

You said: "Passwords in the keychain are shared by all kinds of apps, including Safari".

That doesn't seem to be the case. I installed the add-on but then I don't see any of my old Firefox saved passwords appearing in Safari. To be fair, if I now add a new saved password in Firefox (after installing this add-on), it does show up in Safari.

This is a bit disappointing though. I was hoping my existing Firefox passwords (before I installed this add-on) would also be migrated to Safari.

This review is for a previous version of the add-on (1.1.1-signed.1-signed). 

by Julian Fitzell (Developer) on June 29, 2011 ·

The first time you run firefox with the extension loaded, it will prompt you to ask if you want to import your existing passwords. Unfortunately, this was broken in 1.1. Version 1.1.1 fixes the problem, though you'll have to set the preference "extensions.macos-keychain@fitzell.ca.startup-import-prompt" back to true and restart firefox if you want it to prompt you again.

Rated 5 out of 5 stars

by seth_milliken on March 24, 2011 ·

Keychain Services Integration does one thing and does it well. Very happy to see 4.0 support. Thank you, Julian!

This review is for a previous version of the add-on (1.1.1-signed.1-signed).