Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?


Failed to load latest commit information.
Latest commit message
Commit time

Firefox Decrypt

GitHub Actions status Gitmoji badge

As of 1.0.0 Python 3.9+ is required. Python 2 is no longer supported. If you encounter a problem, try the latest release or check open issues for ongoing work.

If you definitely need to use Python 2, Firefox Decrypt 0.7.0 is your best bet, although no longer supported.

Table of contents


Firefox Decrypt is a tool to extract passwords from profiles of Mozilla (Fire/Water)fox™, Thunderbird®, SeaMonkey® and derivates.

It can be used to recover passwords from a profile protected by a Master Password as long as the latter is known. If a profile is not protected by a Master Password, passwords are displayed without prompt.

This tool does not try to crack or brute-force the Master Password in any way. If the Master Password is not known it will simply fail to recover any data.

It requires access to libnss3, included with most Mozilla products. The script is usually able to find a compatible library but may in some cases load an incorrect/incompatible version. If you encounter this situation please file a bug report.

Alternatively, you can install libnss3 (Debian/Ubuntu) or nss (Arch/Gentoo/…). libnss3 is part of

If you need to decode passwords from Firefox 3 or older, although not officially supported, there is a patch in this pull request.




The tool will present a numbered list of profiles. Enter the relevant number.

Then, a prompt to enter the master password for the profile:

  • if no password was set, no master password will be asked.
  • if a password was set and is known, enter it and hit key Return or Enter
  • if a password was set and is no longer known, you can not proceed

Advanced usage

If your profiles are at an unusual path, you can call the script with:

python /folder/containing/profiles.ini/

If you don't want to display all passwords on the screen you can use:

python | grep -C2 keyword

where keyword is part of the expected output (URL, username, email, password …)

You can also choose from one of the supported formats with --format:

  • human - a format displaying one record for every 3 lines
  • csv - a spreadsheet-like format. See also --csv-* options for additional control.
  • tabular - similar to csv but producing a tab-delimited (tsv) file instead.
  • json - a machine compatible format - see JSON
  • pass - a special output format that directly calls to the command to export passwords (*). See also --pass-* options.

(*) pass can produce unintended consequences. Make sure to backup your password store before using this.

Non-interactive mode

A non-interactive mode which bypasses all prompts, including profile choice and master password, can be enabled with -n/--no-interactive. If you have multiple Mozilla profiles, make sure to also indicate your profile choice by passing -c/--choice N where N is the number of the profile you wish to decrypt (starting from 1).

You can list all available profiles with -l/--list (to stdout).

Your master password is read from stdin.

$ python --list
1 -> l1u1xh65.default
2 -> vuhdnx5b.YouTube
3 -> 1d8vcool.newdefault
4 -> ekof2ces.SEdu
5 -> 8a52xmtt.Fresh

$ read -sp "Master Password: " PASSWORD
Master Password:

$ echo $PASSWORD | python --no-interactive --choice 4
Username: 'john.doe'
Password: '1n53cur3'

Username: 'max.mustermann'
Password: 'Passwort1234'

Username: 'octocat'
Password: 'qJZo6FduRcHw'


$ echo $PASSWORD | python -nc 1
Username: 'foo'
Password: 'bar'

Username: 'whatdoesthefoxsay'
Password: 'w00fw00f'


$ # Unset Password
Format CSV

Passwords may be exported in CSV format using the --format flag.

python --format csv

Additionally, --csv-delimiter and --csv-quotechar flags can specify which characters to use as delimiters and quote characters in the CSV output.

Format Pass - Passwordstore

Stored passwords can be exported to pass (from using:

python --format pass

All existing passwords will be exported after the pattern web/<address>[:<port>]. If multiple credentials exist for the same website /<login> is appended. By pass convention, the password will be on the first and the username on the second line.

To prefix the username with login: for compatibility with the browserpass extension, you can use:

python --format pass --pass-username-prefix 'login: '

There is currently no way to selectively export passwords.

Exporting will overwrite existing passwords without warning. Ensure you have a backup or are using the pass git functionality.


If a problem occurs, please try firefox_decrypt in high verbosity mode by calling it with:

python -vvv

If the output does not help you to identify the cause and a solution to the problem, file a bug report including the verbose output. Beware:

  • your profile password, as well as other passwords, may be visible in the output – so please remove any sensitive data before sharing the output.

Both Python and Firefox must be either 32-bit or 64-bit.

If you mix architectures the code will fail. More information on issue #8.

cmd.exe is not supported due to it's poor UTF-8 support. Use Microsoft Terminal and install UTF-8 compatible fonts. Depending on the Terminal settings, the Windows version and the language of your system, you may also need to force Python to run in UTF-8 mode with PYTHONUTF8=1 python


If you get the error described in #14 when loading libnss3, consider installing nss using Homebrew or an alternative package manager.

While not supported, you may find that DYLD_LIBRARY_PATH=. python3 will work in some configurations.


If you wish to run the test suite locally, chdir into tests/ and run ./run_all

If any test fails on your system, please ensure libnss is installed.

If tests continue to fail, re-run with ./run_all -v then please file a bug report including:

  • the output
  • information about your system (e.g. Linux distribution, version of libnss/firefox …).

It is much appreciated.


All Contributors

See for a complete list of contributions

Spin-off, derived and related works

Firefox is a trademark of the Mozilla Foundation in the U.S. and other countries.