Package: firefox-esr
Version: 60.3.0esr-1~deb8u1
Followup-For: Bug #911364
Dear Maintainer,
what could possibly go wrong when updating Firefox ESR to the next major
release?
This issue now arrived in Debian Jessie. I can confirm and reproduce it
with this steps. Prerequisite is that a master password is used:
1. Delete ~/.mozilla directory and restore it from a backup that was
made from Firefox ESR 52
2. Start Firefox ESR 60
3. Close Firefox ESR 60
4. Start Firefox ESR 60 again
-> All saved passwords are permanently gone!
The issue can be avoided by entering the master password on the very
first start of Firefox ESR 60. Reproduction steps:
1. Delete ~/.mozilla directory and restore it from a backup that was
made from Firefox ESR 52
2. Start Firefox ESR 60
3. Unlock the password store by entering the master password
4. Close Firefox ESR 60
5. Start Firefox ESR 60 again
-> Saved passwords are intact.
The key issue is that the key3.db file is not properly migrated to the
new version and during the migration it is even destroyed. The key3.db
is therefore required from a backup to restore the saved passwords. This
can be even an older backup. That way, it is possible to restore
recently saved passwords by using a key3.db file from an older backup:
1. Delete key4.db file from the Firefox ESR 60 profile (e.g.
~/.mozilla/firefox/XXXXXXXX.default/key4.db)
2. Replace key3.db file from an older backup
3. Start Firefox ESR 60
4. Unlock the password store by entering the master password
5. Close Firefox ESR 60
6. Start Firefox ESR 60 again
-> Saved passwords are restored.
On affected systems both key3.db and key4.db files exist. Where on a
properly migrated installation, only key4.db file exists. It should be
therefore possible to detect if a user was affected by this issue.
Thanks
Andreas
-- Package-specific info:
-- Addons package information
-- System Information:
Debian Release: 8.11
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-0.bpo.6-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages firefox-esr depends on:
ii debianutils 4.4+b1
ii fontconfig 2.11.0-6.3+deb8u1
ii libasound2 1.0.28-1
ii libatk1.0-0 2.14.0-1
ii libc6 2.19-18+deb8u10
ii libcairo-gobject2 1.14.0-2.1+deb8u2
ii libcairo2 1.14.0-2.1+deb8u2
ii libdbus-1-3 1.8.22-0+deb8u1
ii libdbus-glib-1-2 0.102-1
ii libevent-2.0-5 2.0.21-stable-2+deb8u1
ii libffi6 3.1-2+deb8u1
ii libfontconfig1 2.11.0-6.3+deb8u1
ii libfreetype6 2.5.2-3+deb8u2
ii libgcc1 1:4.9.2-10+deb8u1
ii libgdk-pixbuf2.0-0 2.31.1-2+deb8u7
ii libglib2.0-0 2.42.1-1+b1
ii libgtk-3-0 3.14.5-1+deb8u1
ii libpango-1.0-0 1.36.8-3
ii libstartup-notification0 0.12-4
ii libstdc++6 4.9.2-10+deb8u1
ii libx11-6 2:1.6.2-3+deb8u2
ii libx11-xcb1 2:1.6.2-3+deb8u2
ii libxcb-shm0 1.10-3+b1
ii libxcb1 1.10-3+b1
ii libxcomposite1 1:0.4.4-1
ii libxdamage1 1:1.1.4-2+b1
ii libxext6 2:1.3.3-1
ii libxfixes3 1:5.0.1-2+deb8u1
ii libxrender1 1:0.9.8-1+b1
ii libxt6 1:1.1.4-1+b1
ii procps 2:3.3.9-9+deb8u1
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages firefox-esr recommends:
ii libavcodec56 6:11.12-1~deb8u1
Versions of packages firefox-esr suggests:
pn fonts-lmodern <none>
pn fonts-stix | otf-stix <none>
ii libcanberra0 0.30-2.1
ii libgssapi-krb5-2 1.12.1+dfsg-19+deb8u4
ii libgtk2.0-0 2.24.25-3+deb8u2
pn pulseaudio <none>
-- no debconf information
