bitwarden / clients

Bitwarden client apps (web, browser extension, desktop, and cli).
https://bitwarden.com

Firefox Extension: Can't unlock vault with PIN #6286

Closed DiGi closed 1 year ago

DiGi commented 1 year ago

Steps To Reproduce

  1. Have Firefox extension logged in with enabled PIN unlock
  2. Try to unlock with PIN
  3. Enter key doesn't do anything, can't open vault

Extra steps

  1. Logout from extension
  2. Login back using main password and 2FA
  3. Try to enable PIN again
  4. "Enter PIN" field is not responding to Enter key, OK button is not working too

Expected Result

I can unlock vault using PIN, I can enable Unlock by PIN option.

Actual Result

Enter key is ignored, I can't submit existing PIN. I can't create new PIN.

Screenshots or Videos

No response

Additional Context

Extension is not working on my two desktop systems.

I didn't have any issues last week, so it may be a regression in the new version 2023.8.3 (from the Addons website: Last updated: 7 days ago (7. September 2023)).

There are many one- or two-star reviews from last week on Firefox Addons with login issues using biometrics too.

Operating System

Windows

Operating System Version

Windows 11 22H2, Windows 10 22H2

Web Browser

Firefox

Browser Version

117.0.1

Build Version

Firefox Extension v2023.8.3

Issue Tracking Info

DiGi commented 1 year ago

Duplicate of #6156 - I must have missed "extension" while searching for an open bug.

cmd430 commented 1 year ago

You might want to reopen as #6156 was specifically about Biometrics

DiGi commented 1 year ago

This looks like a new issue after releasing #6156.

richardb64 commented 1 year ago

Is this a variation on part of the original problem, where in practice with a mismatched extension (#6156, #6185) it's actually very difficult to unlock the extension at all - the biometric unlock dialogue is triggered (and then fails, due to the API breakage) without giving the user a chance to unlock in any other way. The only workaround seems to be to hard-close the desktop client altogether, so that the biometric attempt never happens at all, and only then will the extension allow "local" login (master password and/or PIN).

That's probably worth raising as a separate bug in its own right (if there isn't already one) - ie. the extension should not plough into the biometric dialogue until the user actually clicks the "unlock with biometrics" option.

This problem could also be avoided by fixing a much wider issue - the extension window tends to disappear entirely as soon as it loses focus, rather than only when some action is actively selected by the user (mainly auto-fill or close). If that issue were addressed, then it would probably be possible to simply ignore the biometric dialogue and enter the password/PIN anyway. I appreciate the focus problem might be hard to fix, though, if the browsers are in control of whether the window remains open. I had a quick look to see if there was already an issue for this and couldn't find one, but maybe others will have better luck!

ishanjain28 commented 1 year ago

The new release of bitwarden client is completely broken.

I can not login with PIN anymore. I don't see any errors in console logs for the extension.

I tried to sign in (after logging out). It sends a prelogin request and then crashes. For now, I have rolled back to the previous release.

dinosmm commented 1 year ago

I wonder if I am seeing a variant of the same issue, or if I should make a new issue?

When I enter the master password on the Firefox extension (2023.8.3), the extension window stays as is, no indication of being unlocked. If I click out of it, the extension icon still has a padlock on it, but if I click on it, the extension is unlocked and the vault accessible. The padlock icon changes to a number icon if I refresh the page or (if already on the page) I click on a password entry to input it.

MountComb commented 1 year ago

Same issue on Linux using Firefox addon version 2023.8.3.

A workaround is to get the old version from https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/versions/, and version 2023.7.1 works fine. Also need to turn off auto-update for this addon.

stefan0xC commented 1 year ago

Tried to reproduce this: If I downgrade the extension to 2023.7.1, set up the PIN, and upgrade to 2023.8.3, it will lock the extension without asking for the PIN (even though it will still say that I still have it enabled) and I also experience similar issues after unlocking with my password (i.e. the extension only syncs and changes the icon after I switch the active tab). Unchecking the "Unlock with PIN" option will let me unlock the extension with my password without any issues (besides not being able to set up Unlock with PIN).

pwseo commented 1 year ago

Seems to be a problem with only the version available via addons.mozilla.org. If one loads the 2023.8.3 extension on the releases page from Github as a temporary extension, it works flawlessly (besides disappearing on browser restart).

Also, as someone pointed out on reddit, the extension on mozilla.org has only about 4 MB, while the one on Github releases page has about 8-9 MB; probably a defective (incomplete?) build.

DiGi commented 1 year ago

Related Reddit topic: https://www.reddit.com/r/Bitwarden/comments/16hulgu/unlock_with_pin_not_working_on_firefox_extension/

Jastreb commented 1 year ago

Reproduced 100%: extension 2023.8.3 is broken on addons.mozilla.org, please reupload.

pwseo commented 1 year ago

I don't really know how many Bitwarden users use the Firefox extension, but it seems a bit odd that Bitwarden has not commented officially on this matter -- at least an email would be nice, telling people how to proceed in case they stumble upon this bug. As it stands, people are left without access to their vault via the extension, and arguably without knowing what to do. Not everyone knows enough to visit reddit, or github, or even the Discourse forum.

DiGi commented 1 year ago

> I don't really know how many Bitwarden users use the Firefox extension

660k installs, but that's just the total number. And not everyone uses PIN or biometrics on desktop. But I completely agree that the lack of information here on an official source is annoying.

At least there is an "official" reply on Reddit:

> BitwardenJai (Bitwarden Employee) 3 days ago
> Thanks to everyone both advising of this issue, and those who are actively sharing tips and workarounds! Our team is currently tracking this issue and researching how to best resolve.

trmartin4 commented 1 year ago

Thank you for the report of this issue. We are currently investigating and testing potential fixes for two (potentially related) issues around PIN usage on the Firefox extension:

  • Inability to set a PIN, and
  • Inability to log in with a PIN after it is set

We understand the frustration that this has caused and are working on a resolution as soon as possible.

fooness commented 1 year ago

> Seems to be a problem with only the version available via addons.mozilla.org. If one loads the 2023.8.3 extension on the releases page from Github as a temporary extension, it works flawlessly (besides disappearing on browser restart).

I can confirm that manually (and temporarily) installing the extension from GitHub — via https://github.com/bitwarden/clients/releases/tag/browser-v2023.8.3 — does (temporarily) fix the problem on Firefox 117.0.1 on macOS 13.5.2.

trmartin4 commented 1 year ago

@fooness, can you clarify that you were seeing the issue on macOS, and if so whether it was an inability to set a PIN or inability to log in with a PIN? All reports thus far on this thread have (I believe) been on Windows clients.

fooness commented 1 year ago

@trmartin4 Yes, I can confirm that the issue happened to me on Firefox 117.0.1 on macOS 13.5.2; sorry I did not even realize this issue is Windows-related.

stefan0xC commented 1 year ago

@trmartin4 It also happens on Linux (see https://github.com/bitwarden/clients/issues/6286#issuecomment-1720431307).

pashynskykh commented 1 year ago

Does not work for me on Firefox for both macOS and Windows. Had to roll back to the previous version of the extension.

trmartin4 commented 1 year ago

@fooness did you also try re-installing the extension from addons.mozilla.org to see if the issue persisted? We're trying to isolate whether it's fixed with re-installing the extension or specifically with the version on Github.

pwseo commented 1 year ago

@trmartin4 re-installing the extension from addons.mozilla.org does not work. I tried it on Windows 10 and on Linux (openSUSE Tumbleweed), both with the latest Firefox release. Only downgrading to 2023.7.1 or installing 2023.8.3 from Github works.

Also, should we create an issue or escalate the current one to reflect the real problem? There seems to be a big difference between the extension provided via addons.mozilla.org and the one found on Github releases page (at least on their sizes). Who knows what else isn't working besides the PIN troubles mentioned up until now.

fooness commented 1 year ago

> @fooness did you also try re-installing the extension from addons.mozilla.org to see if the issue persisted? We're trying to isolate whether it's fixed with re-installing the extension or specifically with the version on Github.

For me it did not help; installing the extension from GitHub did fix the problem, though if I understood correctly, that locally installed extension won’t survive any browser restart. As others already noted, the extension via mozilla.org and github.com seem to somehow differ? Though maybe that’s only related to something something packaging.

dinosmm commented 1 year ago

> testing potential fixes for two (potentially related) issues around PIN usage on the Firefox extension:
>
>   • Inability to set a PIN, and
>   • Inability to log in with a PIN after it is set

Are you aware there are more problems than just the PIN, e.g. my issue when I enter the master password that I described above? Would you be able to say if that is also being worked on?

JLJTGR commented 1 year ago

I may have a variant of this as well.

When using PIN unlock, viewing an item that is further protected by a Master Password prompt will fail with a JavaScript error (pressing OK does nothing visually). Downgrading to 2023.7.1 fixes the issue. My version of Firefox refuses to load the unsigned extension from GitHub regardless of xpinstall.signatures.required settings. Removing the PIN and using only Master Passwords works for both prompts.

Although if I try the same thing in the Android app, it will CTD. I sent a feedback about that through Google's crash prompts.

pwseo commented 1 year ago

@JLJTGR you have to load it as a temporary extension/addon, via the about:debugging page. Tweaking the xpinstall.signatures.required boolean value currently has no effect on the release channel.

ghost commented 1 year ago

I have this issue also. I have Firefox 117.0.1 (64-bit), and with extension [v2023.8.3] loaded via addons.mozilla I can't set a PIN. If I load the extension from GitHub it works fine. Windows 11 Pro Workstation x64. It also happens on my Android 13 phone: Firefox 117.0.1, and with extension [v2023.8.3] I can't set a PIN using the extension. I can't load an older version of the extension on my phone as it won't let me.

trmartin4 commented 1 year ago

> > testing potential fixes for two (potentially related) issues around PIN usage on the Firefox extension:
> >
> >   • Inability to set a PIN, and
> >   • Inability to log in with a PIN after it is set
>
> Are you aware there are more problems than just the PIN, e.g. my issue when I enter the master password that I described above? Would you be able to say if that is also being worked on?

@dinosmm This would be a different issue. The investigation on this front has been limited to problems with PIN set up and unlock. Could you please enter a separate Github issue?

wavemaster447 commented 1 year ago

@trmartin4 I don't believe this is a separate issue - the most common symptom is inability to unlock your vault via PIN, but the root cause is the same - the 2023.8.3 build on addons.mozilla.org is less than half the size of all other builds, 3.99mb compared to 8-9MB for other builds. Github indicates 2023.8.3 should be 8.5MB. Something is broken in the build process, or there was a botched upload to addons.mozilla.org.

stefan0xC commented 1 year ago

@dinosmm I think your issue might be related to this issue insofar that the code responsible for unlocking probably throws an exception because you have set up vaultwarden to be unlocked with PIN. If you remove this setting the issue should disappear. (It may be necessary to downgrade to v2023.7.1 to uncheck the Unlock with PIN option as the checkmark may not be active. Not sure what causes this but I could not find a way to specifically replicate that situation.)

@wavemaster447 as far as I've compared the two extensions the main difference (besides the different mangling which points to a separate build process) seems to be the removal of the .map files which at least would account for the difference in the file size of the Firefox extension. (Not sure if the behavior is different as I'm not sure how to install the zip file from the release page.) edit: okay. I managed to install it as explained by https://github.com/bitwarden/clients/issues/6286#issuecomment-1724529120 and it seems to work.
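A way to compare two builds of the same extension version file by file instead of by download size, as discussed in the comment above (added example, not part of the original thread and not Bitwarden's tooling). The two packages are constructed in memory and their file names and contents are placeholders.

```python
import hashlib
import io
import zipfile
from collections import defaultdict
from pathlib import PurePosixPath


def manifest(package_bytes):
    """Map each file in a zip/xpi package to (sha256 hex, uncompressed size)."""
    entries = {}
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            entries[info.filename] = (hashlib.sha256(data).hexdigest(), len(data))
    return entries


def compare_packages(reference, candidate):
    """Report files missing from, added to, or changed in the candidate build."""
    ref, cand = manifest(reference), manifest(candidate)
    missing = sorted(set(ref) - set(cand))
    added = sorted(set(cand) - set(ref))
    # Same path, different content: size alone would never reveal these.
    changed = sorted(n for n in set(ref) & set(cand) if ref[n][0] != cand[n][0])
    # Attribute the size gap to file types, e.g. stripped source maps.
    missing_bytes = defaultdict(int)
    for name in missing:
        missing_bytes[PurePosixPath(name).suffix or "(none)"] += ref[name][1]
    return {
        "missing": missing,
        "added": added,
        "changed": changed,
        "missing_bytes_by_suffix": dict(missing_bytes),
    }


def _build_zip(files):
    """Helper that builds a zip archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample packages (illustrative names and contents only).
RELEASE_BUILD = _build_zip({
    "manifest.json": b'{"version": "0.0.0"}',
    "popup/main.js": b"console.log('popup');",
    "popup/main.js.map": b"x" * 5000,
    "background.js": b"/* bundled with patched dependency */",
    "background.js.map": b"y" * 4000,
})
STORE_BUILD = _build_zip({
    "manifest.json": b'{"version": "0.0.0"}',
    "popup/main.js": b"console.log('popup');",
    "background.js": b"/* bundled with unpatched dependency */",
})

if __name__ == "__main__":
    for key, value in compare_packages(RELEASE_BUILD, STORE_BUILD).items():
        print(f"{key}: {value}")
```

In the sample, the stripped `.map` files account for the whole size gap, while the `changed` list points at the one file whose content actually differs between the builds.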

wavemaster447 commented 1 year ago

Interesting, it looks like MAP files are removed from builds now as of #6224.

trmartin4 commented 1 year ago

We are working on a fix for this issue and have a potential resolution that we are testing now. If you are comfortable installing an unsigned extension and to ensure that we have consistent replication steps, could you please do the following with the latest release version (2023.8.3)?

  1. Download v2023.8.3 of the addon
  2. Open Firefox Developer Edition
  3. Complete the steps here to allow unsigned extensions
  4. Navigate to about:addons
  5. Click gear icon and select “Install Add-on From File”
  6. Select the .zip file

If you are still able to replicate the problem on this version, you can test the new version by doing the same steps, except using the build from here instead of the 2023.8.3 version.

Thank you for your patience and for your help in working through this issue with us.

pwseo commented 1 year ago

@trmartin4 the one from the v2023.8.3 link is the one some people already tested as temporary addons in Firefox release (or Firefox Developer Edition): there seem to be no issues with that version (tested on Windows 10 and Linux).

The problem occurs with the one from addons.mozilla.org only.

stefan0xC commented 1 year ago

> The problem occurs with the one from addons.mozilla.org only.

@trmartin4 Just tested it (on Arch Linux with Firefox 117.0.1) and it also occurs with your suggested build. I.e. I can't even set the "Unlock with PIN" option (and it asks for my master password even if I setup Unlock with PIN before installing this version).

Steps to try: download and unzip the file, then you can go to about:debugging and select This Firefox and load the extracted dist-firefox.zip file as a temporary add-on (as explained by https://github.com/bitwarden/clients/issues/6286#issuecomment-1724529120).

As far as I can tell the problem is that you are not building the extension from the released browser-v2023.8.3 tag (which works as confirmed by many users already) but from the master branch instead. Can you try to cherry-pick b63ffd5355334eab765e94ca5475e33fe0a5877a onto the browser-v2023.8.3 (1e075bb03361192b524da53a40ab1dd8b0e812cb) if you want us to test if the new building process is the issue or if there was a different change that caused the issue?

Akaoni commented 1 year ago

I had what people are citing as a possible "variant", insofar as the Password Re-Prompt was not responding to key or button press (I don't use PINs).

Removing the extension and re-adding fixed the issue (at least for now). I see people have downgraded, but has anyone else tried Remove/Add as a work-around?

Win Firefox 117.0.1; Bitwarden 2023.8.3

Edit: Further to this, before removing I checked for an update and was already on v2023.8.3.

trmartin4 commented 1 year ago

@Akaoni, if you experience any more issues with Password Re-Prompt, please let us know with another issue. The problems here do appear to be tied to the PIN entry and not the re-prompt.

trmartin4 commented 1 year ago

@stefan0xC thank you for that test. Just to confirm:

To further test the theory proposed, I have cherry-picked https://github.com/bitwarden/clients/commit/b63ffd5355334eab765e94ca5475e33fe0a5877a into a branch created from the browser-v2023.8.3 tag, with the artifacts available here. If you are able to test this build it would provide valuable information for us as we track down this problem. We truly appreciate the time you have spent helping the team narrow this down.

stefan0xC commented 1 year ago

@trmartin4 Yeah, that's right. I've just tested it and it does not work. After trying to replicate what happens locally I think I found the issue: When copying the files to the new browser-source directory you are missing the patches/argon2-browser+1.18.0.patch file. https://github.com/bitwarden/clients/blob/284eda6cd30301ecba0bbb54ff0cbee45052a13a/.github/workflows/build-browser.yml#L139-L160 I.e. building the extension with this patch does not have the Unlock with PIN issue. Without this patch I experience the same issues as with version v2023.8.3 of the add-on uploaded to Mozilla (and also the new browser-v2023.9.0 release).

This might also explain why not everyone seems to be affected by this bug because the broken extension still works if you are using PBKDF2 SHA-256 as the KDF algorithm. (If someone could confirm this I'd appreciate it because I just did a very cursory test.)

imjuzcy commented 1 year ago

A few suggestions:

pwseo commented 1 year ago

@trmartin4, as @stefan0xC said, your 2023.9.0 version has the same issue (loaded it as a temporary extension).

Is it not time for some damage control? This will be the second version of the extension that does not work, and there has not been an official stance from Bitwarden regarding the issue. Also, wouldn't it be more prudent to at least beta-test these before uploading them to their respective extension "stores"?

trmartin4 commented 1 year ago

@stefan0xC thank you for your testing and feedback. We have isolated the problem to a missing set of files in the release. It was excluded from the 2023.8.3 and 2023.9.0 releases, but we are currently preparing a 2023.9.1 release that will include these missing files. If you would like to load this version immediately you can access it from the artifacts here.

@pwseo we have been investigating and diagnosing this issue since first reports, but our initial research was focused on some changes to PIN unlock that we were ruling out as the root cause. The report of missing patch files allowed us to narrow down on the cause.

Once we release 2023.9.1 and we confirm that this resolves the issue, I will close this thread.

Thank you all for your patience and continued support.

pwseo commented 1 year ago

@trmartin4 Just tested the extension from the artifacts as you instructed @stefan0xC: it seems to be working.

stefan0xC commented 1 year ago

Can confirm that setting up Unlock with PIN, locking and unlocking with PIN works with this version again.

okolvik commented 1 year ago

So when will this actually be pushed as an official update?

trmartin4 commented 1 year ago

Version 2023.9.1 of the Firefox extension includes the fix to this bug. It was submitted for review to all app stores last week and will begin rolling out as soon as it is approved.

pwseo commented 1 year ago

> Version 2023.9.1 of the Firefox extension includes the fix to this bug. It was submitted for review to all app stores last week and will begin rolling out as soon as it is approved.

Just out of curiosity @trmartin4, how long does it usually take to approve?

mftcodes commented 1 year ago

I didn't want to pen a new ticket, so I'll post my experience here. It is master password related, NOT PIN related.

I'm getting this problem on Firefox browsers on Linux Gnome desktop, MacOS, and Windows 11. Specifically, this happens when firefox is restored to a previous session, and I do not get the password typed correctly the first time. Even if I get it right the first time, if I show the password while typing to double check, it also will not work. If I close the browser down, restart it, and then try, it works.

This behavior, to be clear, is the master password. I do not use a pin or biometrics.

Firefox V 118.0.1 on all OS's
Bitwarden Extension version 2023.8.3

GoodMirek commented 1 year ago

> I didn't want to pen a new ticket, so I'll post my experience here. It is master password related, NOT PIN related.

Is there any reason why you did not want to open a new ticket? Your issue seems completely different from the topic of this ticket.

pwseo commented 1 year ago

@mftcodes I would also suggest to try the newest version of the extension (via GitHub release page) to see if that behaviour persists. If it doesn't, then it's fixed :) v2023.8.3 had some problems, so it's best to skip it.

mftcodes commented 1 year ago

> > I didn't want to pen a new ticket, so I'll post my experience here. It is master password related, NOT PIN related.
>
> Is there any reason why you did not want to open a new ticket? Your issue seems completely different from the topic of this ticket.

I figured it may be related, and having managed tickets on the regular, I didn't want to create more work where more work wasn't necessary. Also, I considered that my searching for the "right" ticket was a failure, and the devs would know if I needed to write a new ticket.

I'll give the newest version a go from github and see if v 9 fixes it. If not, then I'll most definitely put in a ticket. Thank you @pwseo for that suggestion.

EDIT: Or v... whatever, looks like it might be 8.4. EDIT2: Not setting up a build environment just to get the extension. I'll just wait for the update.

okolvik commented 1 year ago

Does it really take over a week to get the extension officially updated? 2023.8.3 is still the official version for firefox.