Firefox 67.0.2 loses passwords; blame AVG antivirus

Mozilla[German]Before it get lost: If you store passwords in Firefox and suddenly notice that they are all deleted, you should check if an AVG antivirus solution is running on your system. It blocks access to passwords in Firefox 67.0.2.


Advertising

German blog-reader Rudi has pointed out this issue to me (thanks for that). Also some German sites reported it already Thursday on Camp Firefox. Meanwhile the topic has also arrived at Bleeping Computer.

AVG blocks password access in Firefox 67.0.2

With the release of Firefox 67.0.2, some users noticed that the browser no longer automatically fills in the saved Web page credentials. For example, you can find bug reports in the Mozilla support forum. An empty list was displayed when attempting to access the saved credentials using Firefox Password Manager. In the bug list of the Mozilla project there is the following screenshot.

Firefox: Leere Passwortliste
(Firefox: Empty password list, Source: Mozilla Bugzilla report)

There a poster writes that he was able to reproduce the behaviour within his environment using the following steps.

I was able to reproduce this issue on Windows 7 x64 by doing the following steps:

1- installed AVG latest version 19.5.3093 (build 19.5.4444.503) UI version: 1.0.171
2- installed firefox release version 67.0.1 and signed in facebook.
3- updated to firefox 67.0.2
4- Reboot
5- open ff 67.0.2 : previously opened tab with facebook logged in was opened. When looking at the Saved Logins, I should have the one from facebook, but it’s empty.

With AVG 19.5.3093 (build 19.5.4444.503) on its Windows 7 system and the update to Firefox 67.0.2, lhis ogon credentials are no longer stored.

AVG blocks access to password store

At reddit.com someone also reported this error. However, there are hints to what happened. The file logins.json is damaged, so Firefox saves it as corrupt. Here is an excerpt from the thread:


Advertising

Got the same problem after update.
Found a fix for that!
Close your browser. Go into your profiles folder.

There is a file called “logins.json.corrupt”
Rename it to “logins.json” (without the quotation mark)

Start your browser.

The apparent workaround is to quit Firefox, go to the profile folder and rename the file logins.json.corrupt to logins.json. When you then restart Firefox, the saved credentials are back. The whole thing unfortunately only lasts until the next restart of the computer, as you can read in the thread and here. The reason is probably the AVG password protection, as Bleeping Computer writes here with reference to this post by Lukas Rypacek.

Lukáš Rypáček, a technical director at Avast, explains in his post that the AVG password protection program blocks a process from accessing stored logins unless the process is signed with a known and valid Firefox certificate. Since Mozilla issued a new certificate on 31.05.2019 and Firefox 67.0.2 had signed it, but AVG had not included it in the AVG password protection program, Firefox processes are blocked.

All that remains is to throw or disable the AVG antivirus from the system (see here) or wait for an update from the manufacturer. AVG wants to deliver a fix within hours. Quote:

New AVG installations should be repaired immediately, for existing users we release the fix through a virus database update, which should be available within a few hours. The updated VPS version number is ‘19061402’. The current virus DB version can be found in the following file “C:\Program Files\AVG\Antivirus\defs\aswdefs.ini”..

If the update is already rolled out, I can’t tell due to lack of AVG. More details can be found at Bleeping Computer. Anyone affected?


Advertising
This entry was posted in browser, issue and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *