Where are my browser passwords stored?

Chromium and Chrome

Store passwords in three ways:

1. GNOME Keyring
2. KWallet 4
3. plain text

Chromium chooses which store to use automatically, based on your desktop environment.

Passwords stored in GNOME Keyring or KWallet are encrypted on disk, and access to them is controlled by dedicated daemon software. Passwords stored in plain text are not encrypted. Because of this, when either GNOME Keyring or KWallet is in use, any unencrypted passwords that have been stored previously are automatically moved into the encrypted store.

Source for Chromium.

The manual page for google chrome (man google-chrome) shows:

--password-store=<basic|gnome|kwallet>
          Set the password store to use.  The default is to  automatically
          detect  based  on  the  desktop  environment.  basic selects the
          built in,  unencrypted  password  store.   gnome  selects  Gnome
          keyring.  kwallet selects (KDE) KWallet.  (Note that KWallet may
          not work reliably outside KDE.)

Chrome uses the same method as Chromium. And you can use above setting to switch to plain text passwords (not recommended of course).

Chrome (older versions)

Passwords are stored in ~/.config/google-chrome/Default/Login\ Data and that is a sqlite database file (that file is encrypyed).

This login database file is in SQLite format which is lighter version of popular SQL database. In addition to login credentials it also stores other information such as auto complete entries, IE7 Logins, search keywords etc. The 'logins' table is where all the login or sign-on secrets are stored by Chrome. This table contains following interesting fields

Origin_URL - Base URL of the website
Action_URL - Login URL of the website
Username_element - Name of the username field in the website
Username_value - Actual username
Password_element - Name of the password field in the website
Password_value - Encrypted password
Date_created - Date when this entry is stored
Blacklisted_by_user - Set to 1 or 0 based on if website is blacklisted or not.

Except the password field all other fields are entered in clear text. The password for all stored websites is encrypted using Triple DES algorithm seeded with logged on user's password. That means login secrets cannot be decrypted across the user or system boundaries unless under certain conditions.

Source for Microsoft Windows.

Firefox

See ~/.mozilla/firefox/<profilename>

Your passwords are stored in the key4.db and logins.json files.

Source.