Firefox, just like any other modern browser, supports the saving of authentication information to improve the sign-in process on websites. Instead of having to enter the passwords manually each time they are requested, Firefox would provide the password when needed.
Firefox saves the data in the file logins.json in the Firefox profile folder.
Reports suggest that Avast and AVG security applications cause the issue for Firefox users. It appears that the software programs somehow corrupt the login.json file so that Firefox cannot read it anymore.
It is possible that other security programs may cause the issue as well.
Good news is that the passwords are still there and that affected users should be able to recover them on their devices. Bad news is that this is only a temporary solution as the files will be corrupted again unless Avast updates its software programs to address the issue.
In other words: the issue is not caused by Firefox, it is caused by third-party software that corrupts the logins file of the Firefox web browser.
Update 2: AVG provided the following statement:
Some AVG users recently may have been unable to access their browser passwords when using Firefox. This only applied to those who purchased the AVG Password Protection feature and the issue was fixed today at 12:20pm. Avast users were not affected. This happened because Firefox updated its certificates for sign in to the new version of the browser and AVG did not have this new certificate marked in its database as trusted.
The problem was fixed today for AVG users at 12:20 CET and an update was distributed immediately to our user base. AVG checks for updates every four hours, and users can also manually update their software under their AVG settings -> Update. Users with product version VPS 190614-02 and newer will not experience any issues.
For those affected, Firefox has not deleted the password file but will have renamed it to from ‘logins.json’ to something like ‘logins.json.corrupt’ (or ‘logins.json-1.corrupt’, ‘logins.json-2.corrupt’, etc.). This means the passwords are not lost, but the user will need to rename the file back to ‘logins.json’. We recommend the user does a backup of these ‘logins.json’ files, for example to another folder, before renaming them. The password file is typically stored in the Firefox profile directory: c:\Users\<user-name>\AppData\Roaming\Mozilla\Firefox\Profiles\<random-string>.default\logins.json
We apologize for any inconvenience this may have caused to the affected users.
Update 3: Mozilla released an add-on to restore the passwords on affected systems.
The fix is a temporary one as the logins file will corrupt again when you restart the system.
One option to fix the issue on the user's end would be to exclude Firefox or the file from scans. Other than that, you either have to wait for AVG/Avast to issue a patch that addresses the problem or remove the software from the system.
Some Firefox users fixed the issue by rolling back to Firefox 67.0.1; AVG/Avast software appears to play fine with that version of the browser.
The incident is not the first time that AVG or Avast software caused issues in Firefox. When Firefox 61 was released in mid 2018, the browser suddenly threw Secure Connection Failed errors when attempting to connect to HTTPS sites. Then in February 2019, users would get SEC_ERROR_UNKNOWN_ISSUER when connecting to secure sites. Turned out that the issues were caused by the security software.Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.