How can an attacker export Firefox passwords if a Master Password is set?

If a Master Password is set, the attacker must either use a tool that supports Master Password decryption—such as `firefox_decrypt.py` with the full profile folder—or import the record and key files into a local Firefox instance using the `-profile` parameter and then enter the Master Password manually. Note that `firepwd.py` has a known bug with `key4.db` Master Password decryption, making `firefox_decrypt.py` the more reliable choice for newer Firefox versions.