With the release of Firefox 67.0.2, some users began noticing that the browser had stopped automatically filling in their saved logins. Even worse, when they tried to access their saved logins using the Firefox password manager, they noticed that the list was empty.

This led users to believe [1, 2] that the Firefox 67.0.2 upgrade released this week had caused the browser to delete all of their saved login credentials.

Empty Saved Logins List (Source: Mozilla Bug Post)

When Firefox saves login information, it stores it in a file called logins.json in the user's Firefox profile folder. When users checked whether this file existed, they found that it had been renamed to logins.json.corrupt, as shown below.

Corrupt Logins.json File

Once the file was renamed back to logins.json, they were able to access their saved logins again, but it would be renamed to logins.json.corrupt again the next time they started Firefox.

So simply renaming the file was not a solution.

AVG Password Protection is the cause

It turns out that this issue only affected users who had installed the AVG Password Protection feature, which was doing too good a job of protecting Firefox passwords.

In a Mozilla bug post about this issue, Lukáš Rypáček, an engineering director at Avast, explained that the AVG Password Protection program will block a process' access to saved logins unless the process is signed by a known and valid Firefox certificate. As Mozilla had issued a new certificate on 5/31/2019 and signed Firefox 67.0.2 with it, but AVG had not included it in the AVG Password Protection program, the Firefox processes were being blocked.

Comment from Lukáš

As Firefox was not able to read logins.json, the browser treated the file as corrupt and renamed it to logins.json.corrupt.

The good news is that the passwords are still safe and sound in the logins.json.corrupt file, and AVG has created a fix that adds Mozilla's new certificate to its program. Users who perform a fresh installation of AVG will not have the problem, while existing users need to wait for VPS definition version 19061402 to be downloaded by their AVG software.

Further comment from Lukáš

Once the AVG software is showing that VPS version 19061402 is installed, users can close Firefox, rename logins.json.corrupt to logins.json and start Firefox again. Once this is done, their saved logins will be available again.
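The recovery step above as a script, an added example that is not from Mozilla, AVG or the original article: it confirms that logins.json.corrupt still parses before renaming it, and keeps a backup copy. The top-level "logins" array, the .bak and .empty file names and the sample profile are assumptions; run it only with Firefox closed and after the AVG update is installed.

```python
import json
import shutil
import tempfile
from pathlib import Path


def count_logins(path):
    """Return the number of saved entries, or None if the file is not a usable store."""
    try:
        data = json.loads(Path(path).read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return None
    # Assumption: the store is a JSON object with a top-level "logins" array.
    logins = data.get("logins") if isinstance(data, dict) else None
    return len(logins) if isinstance(logins, list) else None


def restore_logins(profile_dir):
    """Restore logins.json from logins.json.corrupt. Run only while Firefox is closed."""
    profile = Path(profile_dir)
    corrupt, live = profile / "logins.json.corrupt", profile / "logins.json"
    saved = count_logins(corrupt)
    if saved is None:
        return "skipped: logins.json.corrupt is missing or is not valid JSON"
    if live.exists():
        if count_logins(live):
            return "skipped: logins.json already holds entries, merge by hand"
        # Keep whatever Firefox wrote after the rename instead of overwriting it.
        shutil.move(str(live), str(profile / "logins.json.empty"))
    shutil.copy2(str(corrupt), str(profile / "logins.json.corrupt.bak"))
    corrupt.rename(live)
    return f"restored {saved} saved login(s)"


def demo():
    """Exercise the restore on a constructed profile folder (sample data, not real logins)."""
    sample = {"nextId": 2, "logins": [{"hostname": "https://example.test",
                                        "encryptedUsername": "CONSTRUCTED",
                                        "encryptedPassword": "CONSTRUCTED"}]}
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "logins.json.corrupt").write_text(json.dumps(sample), encoding="utf-8")
        first = restore_logins(tmp)
        second = restore_logins(tmp)  # nothing left to restore on a second run
        return first, second, count_logins(Path(tmp) / "logins.json")


if __name__ == "__main__":
    print(demo())
```

If logins.json is renamed to logins.json.corrupt again on the next start, the AVG definitions have not been updated yet; the .bak copy still holds the saved logins.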

Not the first certificate issue with Firefox

This is not the first time that Mozilla has had issues related to certificates.

When Firefox 65 was released, users began reporting that they were seeing "Your Connection is not secure" errors when browsing the web. This turned out to be an issue with how antivirus software was adding certificates to the Mozilla Certificate Store so that they could scan secure connections for malicious content.

More recently, Firefox users discovered that their addons had suddenly stopped working on 5/4/19 at midnight UTC. This issue was caused by Mozilla forgetting to renew a certificate that was used to sign Firefox addons. As Firefox only enables addons with valid certificates, users around the world suddenly found all of their addons disabled.

H/T TechDows.com