X
點擊此處開啟此網站的行動版。

技術支援討論區

Master password was removed. Unwanted action 52.9

已張貼

I've recently found, to my surprise, that my Firefox 52.9 64bit Linux had its Master Password removed. My computer did not have anyone physically access from the time MP was enabled until it was disabled. I was out for a few hours and there was no access to my computer which is located in a rural area. In the morning I opened up FF and noticed that FF's MP was disabled. I'm very diligent at keeping my computers clean of malware. Is there a security glitch in FF 52.9? I have over 30 years of computer admin experience. Addons screencap enclosed.

chkrootkit is now reporting, before it was clean Searching for Linux.Xor.DDoS ... INFECTED: Possible Malicious Linux.Xor.DDoS installed /tmp/flashgot.14mg9vg0.default/flashgot.fgt

I've recently found, to my surprise, that my Firefox 52.9 64bit Linux had its Master Password removed. My computer did not have anyone physically access from the time MP was enabled until it was disabled. I was out for a few hours and there was no access to my computer which is located in a rural area. In the morning I opened up FF and noticed that FF's MP was disabled. I'm very diligent at keeping my computers clean of malware. Is there a security glitch in FF 52.9? I have over 30 years of computer admin experience. Addons screencap enclosed. chkrootkit is now reporting, before it was clean Searching for Linux.Xor.DDoS ... INFECTED: Possible Malicious Linux.Xor.DDoS installed /tmp/flashgot.14mg9vg0.default/flashgot.fgt
附加的畫面擷圖

額外的系統細節

已安裝的外掛程式

  • Shockwave Flash 31.0 r0

應用程式

  • Firefox 52.9.0
  • 使用者代理:Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
  • 技術支援網址:https://support.mozilla.org/1/firefox/52.9.0/Linux/en-US/

擴充套件

  • AdBlocker Ultimate 2.32 (adblockultimate@adblockultimate.net)
  • Application Update Service Helper 2.0 (aushelper@mozilla.org)
  • Audio Equalizer 0.1.2 ({63d150c4-394c-4275-bc32-c464e76a891c})
  • Fast Image Research 1.47 (fastimageresearch@usacyborg.com)
  • FlashGot 1.5.6.14 ({19503e42-ca3c-4c27-b1e2-9cdb2170ee34})
  • LanguageTool - Grammar and Style Checker 1.0.46 (languagetool-webextension@languagetool.org)
  • Multi-process staged rollout 1.10 (e10srollout@mozilla.org)
  • Nimbus Screen Capture: Screenshots, Annotate 14.3.5 (nimbusscreencaptureff@everhelper.me)
  • Pocket 1.0.5 (firefox@getpocket.com)
  • ScrapBook X 1.14.5 (scrapbookx@addons.mozilla.org)
  • TinEye Reverse Image Search 1.4.0 (tineye@ideeinc.com)
  • Web Compat 1.0 (webcompat@mozilla.org)

JavaScript

  • incrementalGCEnabled: True

圖形

  • adapterDescription: NVIDIA Corporation -- GeForce 8400GS/PCIe/SSE2
  • adapterDeviceID: GeForce 8400GS/PCIe/SSE2
  • adapterDrivers:
  • adapterRAM:
  • adapterVendorID: NVIDIA Corporation
  • crashGuards: []
  • currentAudioBackend: pulse
  • driverDate:
  • driverVersion: 3.3.0 NVIDIA 340.107
  • featureLog: {u'fallbacks': [], u'features': [{u'status': u'blocked', u'description': u'Compositing', u'log': [{u'status': u'blocked', u'message': u'Acceleration blocked by platform', u'type': u'default'}], u'name': u'HW_COMPOSITING'}, {u'status': u'unavailable', u'description': u'OpenGL Compositing', u'log': [{u'status': u'unavailable', u'message': u'Hardware compositing is disabled', u'type': u'default'}], u'name': u'OPENGL_COMPOSITING'}]}
  • info: {u'AzureCanvasAccelerated': 0, u'AzureCanvasBackend': u'skia', u'AzureFallbackCanvasBackend': u'none', u'CairoUseXRender': 0, u'AzureContentBackend': u'skia'}
  • numAcceleratedWindows: 0
  • numAcceleratedWindowsMessage: [u'']
  • numTotalWindows: 1
  • supportsHardwareH264: No
  • webgl2Renderer: NVIDIA Corporation -- GeForce 8400GS/PCIe/SSE2
  • webglRenderer: NVIDIA Corporation -- GeForce 8400GS/PCIe/SSE2
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Basic

修改過的偏好設定

其他

  • User JS: 否
  • 輔助功能: 否
cor-el
  • Top 10 Contributor
  • Moderator
17334 個解決方法 156731 個答案

有幫助的回覆

Did you always use the Firefox 52.9.0 ESR version or did you ever used a more recent Firefox release version?

More recent Firefox versions use key4.db for the key file and if you used a recent release when you set the MP then this MP would have been stored in key.db. Firefox 52.9.0 uses key3.db for the key file, so reverting to an older Firefox used a key file that doesn't have the master password.

Did you always use the Firefox 52.9.0 ESR version or did you ever used a more recent Firefox release version? More recent Firefox versions use key4.db for the key file and if you used a recent release when you set the MP then this MP would have been stored in key.db. Firefox 52.9.0 uses key3.db for the key file, so reverting to an older Firefox used a key file that doesn't have the master password.

提出問題者

thank you for the info, interesting. Yes I have used Quantum on this computer in question. I have reverted to using 52.9 over a month ago. I'm syncing this computer with other 52.9s My older FF versions have always used a master password.

Correction: I should have stated above that the master password was disabled not removed.

Recently chkrootkit has reported an addon FlashGot (a recommend addon) is infected Searching for Linux.Xor.DDoS ... INFECTED: Possible Malicious Linux.Xor.DDoS installed /tmp/flashgot.14mg9vg0.default/flashgot.fgt

thank you for the info, interesting. Yes I have used Quantum on this computer in question. I have reverted to using 52.9 over a month ago. I'm syncing this computer with other 52.9s My older FF versions have always used a master password. Correction: I should have stated above that the master password was disabled not removed. Recently chkrootkit has reported an addon FlashGot (a recommend addon) is infected Searching for Linux.Xor.DDoS ... INFECTED: Possible Malicious Linux.Xor.DDoS installed /tmp/flashgot.14mg9vg0.default/flashgot.fgt

提出問題者

flashgot developer assures me chkrootkit reporting is a false positive, flashgot uses a temp file containing URLS to download. I did not view the file at the time, silly me

flashgot developer assures me chkrootkit reporting is a false positive, flashgot uses a temp file containing URLS to download. I did not view the file at the time, silly me