If you lost all passwords in Firefox, read this! - gHacks Tech News

ADVERTISEMENT

If you lost all passwords in Firefox, read this!

Reports are coming in by Firefox users from all over the world that saved passwords are no longer available when they start the web browser.

Firefox, just like any other modern browser, supports the saving of authentication information to improve the sign-in process on websites. Instead of having to enter the passwords manually each time they are requested, Firefox would provide the password when needed.

Firefox saves the data in the file logins.json in the Firefox profile folder.

Reports suggest that Avast and AVG security applications cause the issue for Firefox users. It appears that the software programs somehow corrupt the login.json file so that Firefox cannot read it anymore.

It is possible that other security programs may cause the issue as well.

Good news is that the passwords are still there and that affected users should be able to recover them on their devices. Bad news is that this is only a temporary solution as the files will be corrupted again unless Avast updates its software programs to address the issue.

In other words: the issue is not caused by Firefox, it is caused by third-party software that corrupts the logins file of the Firefox web browser.

Update: Here is the official bug by Mozilla that highlights the issue. (thanks Techdows)

Update 2: AVG provided the following statement:

Some AVG users recently may have been unable to access their browser passwords when using Firefox. This only applied to those who purchased the AVG Password Protection feature and the issue was fixed today at 12:20pm. Avast users were not affected. This happened because Firefox updated its certificates for sign in to the new version of the browser and AVG did not have this new certificate marked in its database as trusted.

The problem was fixed today for AVG users at 12:20 CET and an update was distributed immediately to our user base. AVG checks for updates every four hours, and users can also manually update their software under their AVG settings -> Update. Users with product version VPS 190614-02 and newer will not experience any issues.

For those affected, Firefox has not deleted the password file but will have renamed it to from ‘logins.json’ to something like ‘logins.json.corrupt’ (or ‘logins.json-1.corrupt’, ‘logins.json-2.corrupt’, etc.). This means the passwords are not lost, but the user will need to rename the file back to ‘logins.json’. We recommend the user does a backup of these ‘logins.json’ files, for example to another folder, before renaming them. The password file is typically stored in the Firefox profile directory: c:\Users\<user-name>\AppData\Roaming\Mozilla\Firefox\Profiles\<random-string>.default\logins.json

We apologize for any inconvenience this may have caused to the affected users.

Update 3: Mozilla released an add-on to restore the passwords on affected systems.

Fixing the lost password issue

firefox logins json corrupt

  1. Open the Firefox web browser.
  2. Load about:support.
  3. Click on the "open folder" link near the top of the page that opens; this opens the profile folder.
  4. Close Firefox.
  5. Check if you see a file called logins.json.corrupt.
  6. If you do, rename the file to logins.json to fix it.
  7. Start Firefox. The passwords should be available again.

The fix is a temporary one as the logins file will corrupt again when you restart the system.

One option to fix the issue on the user's end would be to exclude Firefox or the file from scans. Other than that, you either have to wait for AVG/Avast to issue a patch that addresses the problem or remove the software from the system.

Some Firefox users fixed the issue by rolling back to Firefox 67.0.1; AVG/Avast software appears to play fine with that version of the browser.

The incident is not the first time that AVG or Avast software caused issues in Firefox. When Firefox 61 was released in mid 2018, the browser suddenly threw Secure Connection Failed errors when attempting to connect to HTTPS sites. Then in February 2019, users would get SEC_ERROR_UNKNOWN_ISSUER when connecting to secure sites. Turned out that the issues were caused by the security software.

Summary
If you lost all passwords in Firefox, read this!
Article Name
If you lost all passwords in Firefox, read this!
Description
Reports are coming in by Firefox users from all over the world that saved passwords are no longer available when they start the web browser.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: »

Comments

  1. Benjamin said on June 14, 2019 at 7:01 am
    Reply

    i still use the old mozbackup http://mozbackup.jasnapaka.com/ to create easy backups of firefox and so on. It still works without fail and what will be saved or restored can be selected as well. With this it is simple to transfer firefox setups from one computer to the next… in the backups there are the password data and all other json files… since the password file is not updated so often even an older backup will recover this file in a usable manner. Next to the bookmarks the password data file are the most important for me…

    1. Peter said on June 14, 2019 at 1:54 pm
      Reply

      I too have been using MozBckup for years, to backup FF and Sunbird calendar. So far, it continues to work wonderfully under Win 10 v1903.

  2. Gary D said on June 14, 2019 at 7:25 am
    Reply

    Before commenting, please read the article very carefully.

    As Martin states, it is the fault of AVAST and AVG software that this is happening so direct your venom and anger at them.
    This is NOT the first time that this has occured with this security software.

    No anti Firefox comments or trolling please.

    1. Fanboys fanboy said on June 14, 2019 at 10:02 am
      Reply

      Found a Firefox fanboy.

      1. patrick said on June 14, 2019 at 12:45 pm
        Reply

        lol, correct, firefox should be more robust against bs software

    2. Clairvaux said on June 14, 2019 at 1:58 pm
      Reply

      “No anti Firefox comments or trolling please.”

      Hahaha, that’s funny. I guess Martin Brinkmann is no longer in command, and “Gary D” is the new boss here.

      That tells you all you need to know about the rotten mentality of some Firefox apologists.

      My advice would be : don’t trust your passwords to a browser (especially not if it’s Firefox, since Mozilla has shown repeatedly they don’t care about backward compatibility).

      Passwords belong to a password manager, full stop.

      1. Gary D said on June 14, 2019 at 4:53 pm
        Reply

        @ Clairvaux

        “That tells you all you need to know about the rotten mentality of some Firefox apologists.”

        I gather from that dumb remark that you are an avid fanboy of Chrome. Or is it Edge, Bing, IE11 ?

        If you use Chrome, I hope that you do not use ublock origin as Google is about screw ad blockers up. Read Martin’s post.

        I have noticed in the past that you love making barbed and nasty comments about other posters. A little less vitriol and a little more equanimity might help you cope with everyday set backs.

      2. Anonymous said on June 15, 2019 at 11:09 am
        Reply

        “If you use Chrome, I hope that you do not use ublock origin as Google is about screw ad blockers up.”

        And interestingly, after several months of controversy, Mozilla (with most of its revenue from Google) has not yet done any official declaration that they disagree with Google. But we have heard Mozilla employees supporting Google lies by stating their personal opinion that ad-blockers are indeed a security and performance problem, and one of them has recently said that Mozilla ponders the idea of adding a “scarier warning” for Firefox users who wish to install one. This would go in the wrong direction, just not as fast as Google. Mozilla’s definition of fighting for the users.

    3. Seagulldom said on July 3, 2019 at 8:17 pm
      Reply

      I don’t have AVAST or AVG and it’s just happened to me. I use Avira.

  3. Harro Glööckler said on June 14, 2019 at 8:06 am
    Reply

    I wonder who will be blamed now by the “It’s Microsoft’s fault!!!” people that defended Avast/AVG last time when it screwed up Windows…

    The solution to most computer problems is simple – get rid of any 3rd party antivirus and use built-in Defender. I can’t believe how many issues just disappeared after uninstalling Avast some years ago.

    1. Anonymous said on June 14, 2019 at 4:28 pm
      Reply

      If you want to.

      Windows 10’s security is basic and oftentimes insufficient to protect you from every danger online/.

      Hackers and programmers of malware become intimately familiar with built-in antivirus software, like Windows Defender, and they design their programs to work around them. Additionally, the built-in software gets updated less frequently than dedicated antivirus software, so it can’t protect you from the latest threats. While it will protect you from certain dangers, for top-of-the-line, full protection, you need .

  4. Mike O said on June 14, 2019 at 8:11 am
    Reply

    inb4 stop using Avast/AVG and don’t store passwords in browser

  5. John IL said on June 14, 2019 at 12:31 pm
    Reply

    Yeah I stopped using those free AV solutions years ago when they began to show signs of being just as much the problem as the solution. Defender built into Windows 10 seems to work just fine and half the battle is being a smart web users.

  6. Ficho said on June 14, 2019 at 12:43 pm
    Reply

    No problems here.
    Firefox 67.0.2 x64
    Latest version of Avast Free
    Maybe the culprit is some paid component or browser add-on from Avast.

  7. Meh said on June 14, 2019 at 2:17 pm
    Reply

    It happened to me with firefox in linux while i had no avast and avg.

  8. kalmly said on June 14, 2019 at 3:12 pm
    Reply

    Gave up on AVG many years ago. Gave up on AVAST three years ago. So glad I did, but I have to say, I do NOT store my passwords in any browser. I use KeePass exclusively.

    1. clas said on June 15, 2019 at 1:47 pm
      Reply

      ditto

    2. Eva said on June 17, 2019 at 7:18 pm
      Reply

      Which antivirus software do you use/recommend now? I’m still using Avast..

  9. Coriy said on June 14, 2019 at 4:20 pm
    Reply

    Okay, this is wild. Years ago Mozilla and its variants switched to SQLite Databases, but left the passwords in an easily accessible plaintext file. How wonderfully secure, is that?
    Not much, any worm could copy the file and somehow I doubt its all that secure an encryption algorithm. But I’m sure one of you boffins will know.

    1. VioletMoon said on June 14, 2019 at 7:59 pm
      Reply

      According to Raymond CC, Firefox password manager is quite safe if used correctly:

      https://www.raymond.cc/blog/how-to-find-hidden-passwords-in-firefox/

      Tools from Nirsoft may be helpful in some situations:

      https://www.nirsoft.net/utils/web_browser_password.html

      “This happened because Firefox updated its certificates for sign in to the new version of the browser and AVG did not have this new certificate marked in its database as trusted.”

      The question remains, however: Does this indicate that AVG provides superior protection because of Mozilla’s inability to pass on changed certificates which only an AVG product discovered? Or does it make AVG an inferior product because other password managers don’t rely on Mozilla to pass on updated certificates?

  10. Juraj Mäsiar said on June 14, 2019 at 8:30 pm
    Reply

    I feel like I should mentioned this here – recently I’ve developed simple add-on that can help you store passwords even on pages that tries to disable it for you, like some banks or just badly designed pages. It’s called Save my Password:

    https://addons.mozilla.org/firefox/addon/save-my-password/

  11. Richard Steven Hack said on June 14, 2019 at 11:55 pm
    Reply

    It’s a bad idea to store passwords in a browser in any event. I recall a report from some years ago from researchers determining that something like 60% of the passwords in hacker password stores they researched apparently came from browser password caches.

    Browser password caches simply aren’t as secure as storing them in password managers – or better, manually entering them.

  12. Robert Ab said on June 15, 2019 at 10:21 pm
    Reply
  13. cito said on June 16, 2019 at 10:55 am
    Reply

    Had the issue two days ago and cost couple of hours. I noticed that even after reinstaling Firefox and starting over with a blank list, it soon got corrupted again. After completely removing FF and new install with new profile and overwritten with couble of month old profile backup – it finally worked, but this could have been the time, the AVG update was rolled out. Good to always have some backups of logins.json, key[34].db and booksmarks or better backup the whole profile.

    Love Firefox since start. Still have a copy of Netscape Navigator 2.0 from 1995 on my HD =D Thank’s for all the work developers.

  14. W flinn said on August 3, 2019 at 7:27 pm
    Reply

    It may well be that avast and avg have caused a problem but I do not use either but still ‘lost’ all passwords and user id’s . They all went missing immediately following the latest update to 68.0.1.ie as soon as the update was finished the passwords were gone and nothing to do with security software on my PC . I recovered everything to normal by going to an earlier backup .

  15. Anonymous said on August 8, 2019 at 6:15 am
    Reply

    don’t have avg. updated my firefox and all my passwords disappeared. twice and the horse you rode in on.

  16. Anonymous said on August 14, 2019 at 4:28 am
    Reply

    Not only did it corrupt my password logins, it corrupted my passwords so I lost multiple accounts, especially the e-mail account those accounts were linked to.

  17. Concerned Firefox User said on September 4, 2019 at 2:27 am
    Reply

    Darn, I just lost all my passwords. I got the impression that the problem was fixed quite some time ago. Or there is maybe a new problem now?

  18. Concerned Non Windows User said on September 14, 2019 at 4:16 pm
    Reply

    Saying that Avast or AVG are the source of this problem is a Red Herring at best. I, like others reporting this problem in the Summer – Fall of 2019, use Linux and found after a Firefox update that the logins.json.corrupt file exists and a new logins.json file was created empty. My master password was not corrupt and recognized as I added a new login.

    The new logins.json is an ASCII file with encrypted usernames and passwords
    The logins.json.corrupt is a “SQLite Rollback Journal”

    I’d suggest everyone recover their old password as mentioned in this site if needed then go to each site and change every single one. If continuing to use firefox, empty the logins.json after recovery, and at least change your master password too if still using Firefox’s built-in password management.

  19. Zachariah A Lloyd said on October 15, 2019 at 9:37 am
    Reply

    When I enter about:support into the address bar, and go there it has no option to open folder anywhere on the page….
    It is just a page called Troubleshooting Information, but has nothing that allows you to open the profile at all?? Is there any other way to search for this logins.json file?? Because I am noticing that Firefox has lost at least a good half of my old saved logins for websites, and would like them back.
    This is in keeping with a disturbing trend lately (past few months) where Firefox browser has been getting worse, and worse, to the point where i am considering switching to Chrome for my web searching etcetera.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.