X
Tap here to go to the mobile version of the site.

Support Forum

Master password was removed. Unwanted action 52.9

Posted

I've recently found, to my surprise, that my Firefox 52.9 64bit Linux had its Master Password removed. My computer did not have anyone physically access from the time MP was enabled until it was disabled. I was out for a few hours and there was no access to my computer which is located in a rural area. In the morning I opened up FF and noticed that FF's MP was disabled. I'm very diligent at keeping my computers clean of malware. Is there a security glitch in FF 52.9? I have over 30 years of computer admin experience. Addons screencap enclosed.

chkrootkit is now reporting, before it was clean Searching for Linux.Xor.DDoS ... INFECTED: Possible Malicious Linux.Xor.DDoS installed /tmp/flashgot.14mg9vg0.default/flashgot.fgt

I've recently found, to my surprise, that my Firefox 52.9 64bit Linux had its Master Password removed. My computer did not have anyone physically access from the time MP was enabled until it was disabled. I was out for a few hours and there was no access to my computer which is located in a rural area. In the morning I opened up FF and noticed that FF's MP was disabled. I'm very diligent at keeping my computers clean of malware. Is there a security glitch in FF 52.9? I have over 30 years of computer admin experience. Addons screencap enclosed. chkrootkit is now reporting, before it was clean Searching for Linux.Xor.DDoS ... INFECTED: Possible Malicious Linux.Xor.DDoS installed /tmp/flashgot.14mg9vg0.default/flashgot.fgt
Attached screenshots

Additional System Details

Installed Plug-ins

  • Shockwave Flash 31.0 r0

Application

  • Firefox 52.9.0
  • User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
  • Support URL: https://support.mozilla.org/1/firefox/52.9.0/Linux/en-US/

Extensions

  • AdBlocker Ultimate 2.32 (adblockultimate@adblockultimate.net)
  • Application Update Service Helper 2.0 (aushelper@mozilla.org)
  • Audio Equalizer 0.1.2 ({63d150c4-394c-4275-bc32-c464e76a891c})
  • Fast Image Research 1.47 (fastimageresearch@usacyborg.com)
  • FlashGot 1.5.6.14 ({19503e42-ca3c-4c27-b1e2-9cdb2170ee34})
  • LanguageTool - Grammar and Style Checker 1.0.46 (languagetool-webextension@languagetool.org)
  • Multi-process staged rollout 1.10 (e10srollout@mozilla.org)
  • Nimbus Screen Capture: Screenshots, Annotate 14.3.5 (nimbusscreencaptureff@everhelper.me)
  • Pocket 1.0.5 (firefox@getpocket.com)
  • ScrapBook X 1.14.5 (scrapbookx@addons.mozilla.org)
  • TinEye Reverse Image Search 1.4.0 (tineye@ideeinc.com)
  • Web Compat 1.0 (webcompat@mozilla.org)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: NVIDIA Corporation -- GeForce 8400GS/PCIe/SSE2
  • adapterDeviceID: GeForce 8400GS/PCIe/SSE2
  • adapterDrivers:
  • adapterRAM:
  • adapterVendorID: NVIDIA Corporation
  • crashGuards: []
  • currentAudioBackend: pulse
  • driverDate:
  • driverVersion: 3.3.0 NVIDIA 340.107
  • featureLog: {u'fallbacks': [], u'features': [{u'status': u'blocked', u'description': u'Compositing', u'log': [{u'status': u'blocked', u'message': u'Acceleration blocked by platform', u'type': u'default'}], u'name': u'HW_COMPOSITING'}, {u'status': u'unavailable', u'description': u'OpenGL Compositing', u'log': [{u'status': u'unavailable', u'message': u'Hardware compositing is disabled', u'type': u'default'}], u'name': u'OPENGL_COMPOSITING'}]}
  • info: {u'AzureCanvasAccelerated': 0, u'AzureCanvasBackend': u'skia', u'AzureFallbackCanvasBackend': u'none', u'CairoUseXRender': 0, u'AzureContentBackend': u'skia'}
  • numAcceleratedWindows: 0
  • numAcceleratedWindowsMessage: [u'']
  • numTotalWindows: 1
  • supportsHardwareH264: No
  • webgl2Renderer: NVIDIA Corporation -- GeForce 8400GS/PCIe/SSE2
  • webglRenderer: NVIDIA Corporation -- GeForce 8400GS/PCIe/SSE2
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Basic

Modified Preferences

Misc

  • User JS: No
  • Accessibility: No
cor-el
  • Top 10 Contributor
  • Moderator
17516 solutions 158398 answers

Helpful Reply

Did you always use the Firefox 52.9.0 ESR version or did you ever used a more recent Firefox release version?

More recent Firefox versions use key4.db for the key file and if you used a recent release when you set the MP then this MP would have been stored in key.db. Firefox 52.9.0 uses key3.db for the key file, so reverting to an older Firefox used a key file that doesn't have the master password.

Did you always use the Firefox 52.9.0 ESR version or did you ever used a more recent Firefox release version? More recent Firefox versions use key4.db for the key file and if you used a recent release when you set the MP then this MP would have been stored in key.db. Firefox 52.9.0 uses key3.db for the key file, so reverting to an older Firefox used a key file that doesn't have the master password.

Question owner

thank you for the info, interesting. Yes I have used Quantum on this computer in question. I have reverted to using 52.9 over a month ago. I'm syncing this computer with other 52.9s My older FF versions have always used a master password.

Correction: I should have stated above that the master password was disabled not removed.

Recently chkrootkit has reported an addon FlashGot (a recommend addon) is infected Searching for Linux.Xor.DDoS ... INFECTED: Possible Malicious Linux.Xor.DDoS installed /tmp/flashgot.14mg9vg0.default/flashgot.fgt

thank you for the info, interesting. Yes I have used Quantum on this computer in question. I have reverted to using 52.9 over a month ago. I'm syncing this computer with other 52.9s My older FF versions have always used a master password. Correction: I should have stated above that the master password was disabled not removed. Recently chkrootkit has reported an addon FlashGot (a recommend addon) is infected Searching for Linux.Xor.DDoS ... INFECTED: Possible Malicious Linux.Xor.DDoS installed /tmp/flashgot.14mg9vg0.default/flashgot.fgt

Question owner

flashgot developer assures me chkrootkit reporting is a false positive, flashgot uses a temp file containing URLS to download. I did not view the file at the time, silly me

flashgot developer assures me chkrootkit reporting is a false positive, flashgot uses a temp file containing URLS to download. I did not view the file at the time, silly me