This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Can the manage password files be hacked and deciphered?

  • 1 reply
  • 1 has this problem
  • 17 views
  • Last reply by cor-el

more options

I had gone to a site where I got infected with hijack trojan siredef.c. I knew it immediately and scanned with Malware Bytes. I found and quarantined the malware but changes were done that prevented me from accessing the internet. A professional IT person got everything working again an purged any remnants of this trojan malware. Was there any chance that the Mozilla password storage information may have been hacked?

I had gone to a site where I got infected with hijack trojan siredef.c. I knew it immediately and scanned with Malware Bytes. I found and quarantined the malware but changes were done that prevented me from accessing the internet. A professional IT person got everything working again an purged any remnants of this trojan malware. Was there any chance that the Mozilla password storage information may have been hacked?

All Replies (1)

more options

The names and passwords stored in logins.json are encrypted with an encryption key that is stored in the key3.db file. The master password adds an additional level to this encryption. If you do not use a master password then having access to key3.db and logins.json is sufficient to have access to the encrypted names and passwords by placing the two files in a Firefox profile folder.

When you enter the Master Password when prompted then you log in to the Software Security Device and it is possible to have access to the stored passwords until you log out of the Software Security Device.

You can log out from the Software Security Device (e.g. click Cancel in the Show Passwords dialog) to force re-entering the MP once again.

  • Options > Security: Passwords: "Saved Passwords" > "Show Passwords"