Firefox-Passwords-Decryptor: Extracts and decrypts passwords saved in Firefox

Is it even safe to use browser-integrated password managers? I think they're so much easier to use than external solutions such as KeepassXC, but if it's so easy to decrypt their databases...

What is your risk model? An attacker who can install cameras in your house to see your PIN/password? An attacker with a blunt object and the clear intent to harm you if you don't unlock your phone? Your spouse who you trust enough to loan your device to look at a cat pic?

My threat model is accidentally installing malware that reads the database of my passwords. I trust my KeepassXC database because I use a strong and long password, so even if malware can read my KeepassXC file, it won't be able to extract the passwords. I feel like Firefox is not as safe.

So malware which installs a key scanner to read everything you enter is outside of your threat model, as is external surveillance to record what you type.

Choose a password manager which you like. I like having a paper book with a dumb-ass encryption scheme, because my threat model is that I am not going to worry about physical attacks, and servers will detect attempts to brute-force the dumb-ass scheme by adding delays after the first few failures.

I use Firefox's manager for my Mastodon accounts, because no one cares for my 10 followers, and the instance manager can resolve things if needed.