Jump to content

If you lost all passwords in Firefox, read this!


Karlston

Recommended Posts

If you lost all passwords in Firefox, read this!

Reports are coming in by Firefox users from all over the world that saved passwords are no longer available when they start the web browser.

 

Firefox, just like any other modern browser, supports the saving of authentication information to improve the sign-in process on websites. Instead of having to enter the passwords manually each time they are requested, Firefox would provide the password when needed.

 

Firefox saves the data in the file logins.json in the Firefox profile folder.

 

Reports suggest that Avast and AVG security applications cause the issue for Firefox users. It appears that the software programs somehow corrupt the login.json file so that Firefox cannot read it anymore.

It is possible that other security programs may cause the issue as well.

 

Good news is that the passwords are still there and that affected users should be able to recover them on their devices. Bad news is that this is only a temporary solution as the files will be corrupted again unless Avast updates its software programs to address the issue.

 

In other words: the issue is not caused by Firefox, it is caused by third-party software that corrupts the logins file of the Firefox web browser.

Fixing the lost password issue

firefox logins json corrupt

 

  1. Open the Firefox web browser.
  2. Load about:support.
  3. Click on the "open folder" link near the top of the page that opens; this opens the profile folder.
  4. Close Firefox.
  5. Check if you see a file called logins.json.corrupt.
  6. If you do, rename the file to logins.json to fix it.
  7. Start Firefox. The passwords should be available again.

The fix is a temporary one as the logins file will corrupt again when you restart the system.

 

One option to fix the issue on the user's end would be to exclude Firefox or the file from scans. Other than that, you either have to wait for AVG/Avast to issue a patch that addresses the problem or remove the software from the system.

 

Some Firefox users fixed the issue by rolling back to Firefox 67.0.1; AVG/Avast software appears to play fine with that version of the browser.

 

The incident is not the first time that AVG or Avast software caused issues in Firefox. When Firefox 61 was released in mid 2018, the browser suddenly threw Secure Connection Failed errors when attempting to connect to HTTPS sites. Then in February 2019, users would get SEC_ERROR_UNKNOWN_ISSUER when connecting to secure sites. Turned out that the issues were caused by the security software.

 

Update: Here is the official bug by Mozilla that highlights the issue. (thanks Techdows)

 

Update 2: AVG provided the following statement:

Some AVG users recently may have been unable to access their browser passwords when using Firefox. This only applied to those who purchased the AVG Password Protection feature and the issue was fixed today at 12:20pm. Avast users were not affected. This happened because Firefox updated its certificates for sign in to the new version of the browser and AVG did not have this new certificate marked in its database as trusted.

The problem was fixed today for AVG users at 12:20 CET and an update was distributed immediately to our user base. AVG checks for updates every four hours, and users can also manually update their software under their AVG settings -> Update. Users with product version VPS 190614-02 and newer will not experience any issues.

For those affected, Firefox has not deleted the password file but will have renamed it to from ‘logins.json’ to something like ‘logins.json.corrupt’ (or ‘logins.json-1.corrupt’, ‘logins.json-2.corrupt’, etc.). This means the passwords are not lost, but the user will need to rename the file back to ‘logins.json’. We recommend the user does a backup of these ‘logins.json’ files, for example to another folder, before renaming them. The password file is typically stored in the Firefox profile directory: c:\Users\<user-name>\AppData\Roaming\Mozilla\Firefox\Profiles\<random-string>.default\logins.json

We apologize for any inconvenience this may have caused to the affected users.

 

 

 

Source: If you lost all passwords in Firefox, read this! (gHacks - Martin Brinkmann)

Link to comment
Share on other sites


  • Replies 4
  • Views 1.3k
  • Created
  • Last Reply
42 minutes ago, Karlston said:

The fix is a temporary one as the logins file will corrupt again when you restart the system.

What about having a copy of the not-corrupted logins.json file to replace the corrupted one with a batch at every startup?

While waiting for the fix ;)

Link to comment
Share on other sites


The AchieVer

How to Recover Lost Passwords in Mozilla Firefox 

The issue affects the latest stable version of Firefox

 

If you’re a Firefox user and your passwords are nowhere to be seen starting today, you’re not alone.

An issue hitting the latest version of Mozilla Firefox (67.0.2) on devices where certain antivirus solutions are installed appears to be causing the passwords stored in the browser to no longer be available for users.

As many other modern browsers, Firefox offers to save passwords for the accounts users log into when navigating the web. For example, you can allow Firefox to store your Google credentials for more convenient authentication when trying to check your Gmail inbox.

But beginning today, all these passwords appear to be gone, and Firefox no longer automatically fills credential fields for automatic authentication.

Fortunately, the saved passwords aren’t actually deleted because everything’s caused by an issue impacting the login file that the browser uses to store and read data. As it turns out, Avast and AVGsecurity products are the ones causing the problems after the latest updates.

So right now, your device must be running the following software to encounter the bug:
 
· Mozilla Firefox 67.0.2
· Avast Antivirus OR AVG Antivirus

SH was the first to report the issue and TechDows indicates that a temporary workaround already exists, albeit a full patch is still required for impacted devices.

First and foremost, it’s important to understand what happens. The scanning process initiated by the two security products corrupt the login.json file that Firefox relies on to read information about the stored passwords.

The file is loaded on launch, and because it’s corrupted, Firefox no longer lists any passwords within the application, therefore the app isn’t capable of providing the said authentication.

However, it’s important to note that your passwords are not lost.

There are basically two methods to restore the apps, and they involve downgrading to Firefox 67.0.1, which apparently works correctly with the said antivirus apps, and manually fixing the corrupted login.json file.

While the first method is rather straightforward, let’s see how you can fix the corrupted file.

First of all, you need to find the location of the file. To do this, open the browser and then in the address bar, type the following code:

about:support

Click the link that reads open folderto open the profile folder in File Explorer. Next, you need to close the browser and continue working with the folder you just opened in File Explorer.

Basically, at this point you should see a file called:

logins.json.corrupt

This means the logins file is indeed corrupted, and you can repair it by simply renaming it to the original name. To do this, right-click the file, click rename, and then set the following name:

logins.json

Save your changes, and the next time you launch Firefox, everything should work correctly and the passwords should be back in the app.

However, as I said earlier, this workaround is only temporary, as the file would be corrupted once again when you reboot the system.

Going back to Firefox 67.0.1 and blocking the update to the latest release could help you deal with this easier until a full fix is released.

Needless to say, a full patch is absolutely mandatory to resolve the issue, albeit no company has acknowledged the issue so far.

The issue impacts any Windows versions, so it’s not just limited to Windows 10. Users are also recommended to back up their passwords after restoring them, just in case the corrupted file can’t be recovered at a later time. This should help prevent data loss until a patch lands.
 

 

Source

Link to comment
Share on other sites


Updates to the original article (first post updated too)...

 

Update: Here is the official bug by Mozilla that highlights the issue. (thanks Techdows)

 

Update 2: AVG provided the following statement:

Some AVG users recently may have been unable to access their browser passwords when using Firefox. This only applied to those who purchased the AVG Password Protection feature and the issue was fixed today at 12:20pm. Avast users were not affected. This happened because Firefox updated its certificates for sign in to the new version of the browser and AVG did not have this new certificate marked in its database as trusted.

The problem was fixed today for AVG users at 12:20 CET and an update was distributed immediately to our user base. AVG checks for updates every four hours, and users can also manually update their software under their AVG settings -> Update. Users with product version VPS 190614-02 and newer will not experience any issues.

For those affected, Firefox has not deleted the password file but will have renamed it to from ‘logins.json’ to something like ‘logins.json.corrupt’ (or ‘logins.json-1.corrupt’, ‘logins.json-2.corrupt’, etc.). This means the passwords are not lost, but the user will need to rename the file back to ‘logins.json’. We recommend the user does a backup of these ‘logins.json’ files, for example to another folder, before renaming them. The password file is typically stored in the Firefox profile directory: c:\Users\<user-name>\AppData\Roaming\Mozilla\Firefox\Profiles\<random-string>.default\logins.json

We apologize for any inconvenience this may have caused to the affected users.

 

 

Source: If you lost all passwords in Firefox, read this! (gHacks - Martin Brinkmann)

Link to comment
Share on other sites


I never save passwords in a browser in case of a vulnerability or an exploit that will expose them. I think password management software would be the best option to avoid issues like the one users are experiencing with firefox.

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...