How can an attacker export Firefox passwords offline if no Master Password is set?
If no Master Password is configured, the attacker only needs two files from the user's Firefox profile directory: the login record file (`logins.json` or `signons.sqlite`) and the corresponding key file (`key4.db` or `key3.db`). Tools like `firepwd.py` can then decrypt the `encryptedUsername` and `encryptedPassword` fields using the stored key and IV, revealing the plaintext credentials. This offline approach is similar to techniques used for Chrome browser password export.
offline password export, firepwd, logins.json, key4.db, no Master Password