@bolzer yes third party cookies shouldn’t be disabled, or at least you should allow 3rd party cookie from your passbolt domain.
This is due to the fact that some calls are made from moz:// urls and not https://passbolt urls, e.g. API calls made by the extension used cookies to authenticate.
The browser needs to accept passbolt domain to use cookies from this moz:// scheme.
You don’t have to whitelist them all, just your domain. See https://github.com/passbolt/passbolt_api/issues/177