Inaccessible passwords in Tor Browser 13.0

On updating to Tor Browser 13.0 and running a system update (to Debian 12.2), all my passwords are missing from the Saved Logins view. Issue persists after creating a new profile (can neither create new passwords or copy over the logins.json and key4.db from my main profile). Tried reinstalling Tor Browser (mv ~/.tb/tor-browser to ~/.tb/tor-browser.old, then extracting Tor Browser archive to ~/.tb/tor-browser as per wiki/Tor_Browser/Manual_Download). Was able to recover passwords using firefox_decrypt on GitHub, but still can’t the password manager to work in Whonix on Tor Browser.

Browser console is saturated with errors (before and after browser reinstall + new profiles):
NS_ERROR_FAILURE: Couldn’t encrypt string
encrypt resource://gre/modules/crypto-SDR.sys.mjs:92
_encryptLogin resource://gre/modules/storage-json.sys.mjs:825
addLogin resource://gre/modules/storage-json.sys.mjs:186
addLogin resource://gre/modules/LoginManager.sys.mjs:323
persistData resource://gre/modules/LoginManagerPrompter.sys.mjs:441
callback resource://gre/modules/LoginManagerPrompter.sys.mjs:531
_onButtonEvent resource://gre/modules/PopupNotifications.sys.mjs:1928
oncommand chrome://browser/content/browser.xhtml:1

Error: Component returned failure code: 0x805a1f9b [nsIPK11Token.changePassword]
setPassword chrome://mozapps/content/preferences/changemp.js:116
_fireButtonEvent chrome://global/content/elements/dialog.js:515
_doButtonCommand chrome://global/content/elements/dialog.js:494
_handleButtonCommand chrome://global/content/elements/dialog.js:488

NS_ERROR_NOT_IMPLEMENTED: Component returned failure code: 0x80004001 (NS_ERROR_NOT_IMPLEMENTED) [nsIAutoCompleteInput.popupElement] LoginManagerPrompter.sys.mjs:83
observe resource://gre/modules/LoginManagerPrompter.sys.mjs:83

LoginHelper(Main): Couldn’t parse specified uri about:preferences#privacy with error NS_ERROR_FAILURE LoginHelper.sys.mjs:693:18

Possibly related to Tor Browser GitLab issue #42106?

Whonix doesn’t change the “inside” [1] of Tor Browser. Whonix doesn’t develop Tor Browser.

Bugs of that type should be reproducible outside Whonix too. Such bugs need to be discussed upstream at The Tor Project.

Tor Browser Essentials chapter Does Whonix Change Default Tor Browser Settings? in Whonix wiki

SessionFileInternal.getWriter() called too early in new identity (#42106) · Issues · The Tor Project / Applications / Tor Browser · GitLab? No, that doesn’t seem related at all.

A known issue:

  1. Copy and paste: about:config into the URL bar, click “Accept the risk and continue”.
  2. Set security.nocertdb to false
  3. Restart Tor Browser
  4. Your passwords will be available again
1 Like