Firefox ate my saved logins :-(

Issues related to applications and software problems
taylorkh
Posts: 534
Joined: 2010/11/24 15:08:33
Location: North Carolina, USA

Firefox ate my saved logins :-(

Post by taylorkh » 2018/10/11 17:13:17

Much to my dismay, when I upgraded to Firefox 60.2.2.1esr a few days ago I found that it had deleted my master password and some 400+ saved logins :shock: Reading the release notes I learned that the update supposedly fixed a bug which potentially could expose saved logins which were saved before a master password was set. I believe that I had always used a master password - although my Firefox profile dates back to Netscape Navigator on Windows NT :lol:

I rolled back the upgrade and restored my Firefox profile from backup. Yesterday I tried again, upgrading to 60.2.2esr. Same issue. I did some more testing and it seems that Firefox will no longer save credentials protected with a master password.

Has anyone else observed this???

I filed a bug with the upstream vendor as it is their package (I think). https://bugzilla.redhat.com/show_bug.cgi?id=1638477 Please pile on the bug report if you are seeing this issue.

TIA,

Ken

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: Firefox ate my saved logins :-(

Post by avij » 2018/10/11 17:17:05

There's already a bug filed for this: https://bugzilla.redhat.com/show_bug.cgi?id=1633932

taylorkh
Posts: 534
Joined: 2010/11/24 15:08:33
Location: North Carolina, USA

Re: Firefox ate my saved logins :-(

Post by taylorkh » 2018/10/11 17:44:17

Thanks avij,

I missed that. Let me make a note on my bug report referencing the earlier one. Glad I am not the only one to see this.

Ken

taylorkh
Posts: 534
Joined: 2010/11/24 15:08:33
Location: North Carolina, USA

Re: Firefox ate my saved logins :-(

Post by taylorkh » 2018/10/11 17:50:03

Upon reading the OLD bug report in detail it references 60.2.1esr. The same issue appears to be present in .2esr so I guess I will leave my bug report against that newer version.

Can anyone recommend a good "external to Firefox" password manager? Non-cloud based please.

Ken

doulos
Posts: 38
Joined: 2015/11/07 17:55:32

Re: Firefox ate my saved logins :-(

Post by doulos » 2018/10/11 18:56:51

I use Password Safe and my dad uses KeyPass 2. I would be lost with out a password manager as I use different strong passwords for almost everything.

taylorkh
Posts: 534
Joined: 2010/11/24 15:08:33
Location: North Carolina, USA

Re: Firefox ate my saved logins :-(

Post by taylorkh » 2018/10/11 19:47:19

Thanks doulos,

I will look into those two. The native one in Firefox has done well for me for many years - except for an occasional site which attempts to prevent its credentials from being saved. I generated a master list of passwords several years ago. I started with a graphic file - don't remember of what - and UU encoded it as one would do to post a binary to Usenet. I then parsed out 10 columns, chosen at random, with FoxPro. I store the text file in an encrypted container file and decrypt/access it when I need a new password for something. I record where I have used the password in the master list as a backup. I still have 1000+ strong passwords available :D

Ken

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Firefox ate my saved logins :-(

Post by TrevorH » 2018/10/11 21:27:28

You can set the environment variable while you wait for the fixed version.

https://lists.centos.org/pipermail/cent ... 70244.html

Though I'd also keep a backup of your current file as I am not sure that the fixed version will look at key4.db files in preference to the 3 version so you might be stuck with setting that environment variable forever or going back to an old file.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

taylorkh
Posts: 534
Joined: 2010/11/24 15:08:33
Location: North Carolina, USA

Re: Firefox ate my saved logins :-(

Post by taylorkh » 2018/10/11 23:04:16

Thanks TrevorH,

I am backed up six ways to Sunday. For the time being I have firefox excluded in /etc/yum.conf on the physical machine and virtual machine which I use for web browsing. When I see a new version of firefox coming available on another machine I will do some testing. Once it is fixed I will update my "production" machines.

Ken

hughesjr
Site Admin
Posts: 254
Joined: 2004/12/05 01:51:26
Location: Corpus Christi, Texas, USA
Contact:

Re: Firefox ate my saved logins :-(

Post by hughesjr » 2018/10/15 17:22:35

Red Hat has an update in testing:

https://bugzilla.redhat.com/show_bug.cgi?id=1633932#c23

There are temporary (unsigned) files here for CentOS 6 and CentOS 7 (x86_64, i386):

https://buildlogs.centos.org/c6-firefox ... 015143830/

https://buildlogs.centos.org/c7-firefox ... 015143830/

As soon as the official update with the fix is released, I will get it built and signed.

taylorkh
Posts: 534
Joined: 2010/11/24 15:08:33
Location: North Carolina, USA

Re: Firefox ate my saved logins :-(

Post by taylorkh » 2018/10/15 19:16:19

Thanks hughesjr,

60.2.2estr hit the repos a couple of days ago. I installed it on a test CentOS 7.5 machine, copied over my FF profile. Logged onto this site and closed Firefox. When I started it up again I found that my credentials had been zapped. I think I will give it a couple of days and see what 60.2.2.2 becomes. I might try building the srpm but not for "production" use.

Ken

Post Reply