Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Master password was removed. Unwanted action 52.9

  • 3 replies
  • 1 has this problem
  • Last reply by Galen

more options

I've recently found, to my surprise, that my Firefox 52.9 64bit Linux had its Master Password removed. My computer did not have anyone physically access from the time MP was enabled until it was disabled. I was out for a few hours and there was no access to my computer which is located in a rural area. In the morning I opened up FF and noticed that FF's MP was disabled. I'm very diligent at keeping my computers clean of malware. Is there a security glitch in FF 52.9? I have over 30 years of computer admin experience. Addons screencap enclosed.

chkrootkit is now reporting, before it was clean Searching for Linux.Xor.DDoS ... INFECTED: Possible Malicious Linux.Xor.DDoS installed /tmp/flashgot.14mg9vg0.default/flashgot.fgt

Attached screenshots

All Replies (3)

more options

Did you always use the Firefox 52.9.0 ESR version or did you ever used a more recent Firefox release version?

More recent Firefox versions use key4.db for the key file and if you used a recent release when you set the MP then this MP would have been stored in key.db. Firefox 52.9.0 uses key3.db for the key file, so reverting to an older Firefox used a key file that doesn't have the master password.

more options

thank you for the info, interesting. Yes I have used Quantum on this computer in question. I have reverted to using 52.9 over a month ago. I'm syncing this computer with other 52.9s My older FF versions have always used a master password.

Correction: I should have stated above that the master password was disabled not removed.

Recently chkrootkit has reported an addon FlashGot (a recommend addon) is infected Searching for Linux.Xor.DDoS ... INFECTED: Possible Malicious Linux.Xor.DDoS installed /tmp/flashgot.14mg9vg0.default/flashgot.fgt

more options

flashgot developer assures me chkrootkit reporting is a false positive, flashgot uses a temp file containing URLS to download. I did not view the file at the time, silly me