After updating from Firefox 67.0.1 to Firefox 67.0.2 some users noticing that their logins and passwords stored in Firefox browser are no longer shown by Password manager or can’t be seen in “saved logins” dialog window. The reports coming from users using AVG on their systems and the Firefox profile folder showing “login.json.corrupted”. Mozilla is aware of this issue and investigating, meanwhile, you can able to recover passwords and logins lost due to this issue.
Avast/AVG Software notorious for causing trouble to Firefox users with the certificate and managed by organization errors is now corrupting Firefox’s saved logins file- login.json – during system reboots.
If you update to Firefox 67.0.2 with AVG installed, after rebooting the system users noticed Firefox built-in password manager no longer auto filling passwords and logins and saved logins dialog isn’t showing any websites login info and Firefox profile folder contains login.json.corrupted file instead of logins.json.
Mozillian Philipp says this to Avast team member in the bug thread “Hi lucas, fyi, your product seems to be involved in corrupting the Firefox password storage on system reboots since recently”.
As we said above, Mozilla is working on this, since this issue is caused by external software, I do think, Avast needs to fix the issue on their end, expect Mozilla and Avast to coordinate on this and provide a resolution to users soon. Right now you can recover passwords and logins deleted from Firefox browser, this way.
1. Launch Firefox
2. Click on Menu > Troubleshooting Information
3. Under Application Basics, for Profile Folder entry, click “Open Folder”
4. Switch to Firefox browser and choose “Exit” in the menu to close the browser.
5. In the profile folder, if the logins.json file already exists, rename it to “loginsnew. json” and rename logins.json.corrupt to logins.json, the latter step is important.
Launch Firefox again to see logins and passwords are restored and available.
UPDATE June 14, 2019: Avast’ team member Lukas agreed problem is caused by their password protection feature in AVG which restricted Firefox from accessing password storage that is using new ceritificate and said new AVG instllations won’t cause this issue to Firefox users, while for existing AVG users, they’re pushing a fix through Virus database definition update which takes care of the problem.
While revaling root cause of problem Lukas said”The AVG team has been able to identify the source of the problem in one of the AVG featuress (password protection). The product protects users from the risk of stolen passwords stored inside Firefox and other browsers. For Fiefox it only allows process signed by Firefox certificate to access storage.”
“We have been able to identify a problem with propagating certificate trust to all our systems. Firefox 67.0.2 is signed by newly issued certificate valid from 5/31/2019 and the problem most probably caused by this. We have manually fixed our internal certificate flags on our backends and updated the process for future certificate updates (expecting no later than 6/4/2010).
Are you affected?