[Bug 288236] [NEW] Firefox 3 doesn't clear content-prefs.sqlite on Tools -> Clear Private Data
Launchpad Bug Tracker
288236 at bugs.launchpad.net
Fri Oct 24 14:46:38 UTC 2008
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug:
Ubuntu 8.04, firefox-3.0 3.0.3+build1+nobinonly-0ubuntu0.8.04.1.
The menu item Tools -> Clear Private Data should clear out browser
history so there's no mention of what sites the user has visited. It
attempts to do this, and initially it seems to work, e.g. Ctrl-H brings
up an empty list, but FF3 doesn't delete the list of what zoom setting
you prefer per domain.
To test, Clear Private Data, visit a site, e.g. http://google.com/, hit
Ctrl-- a couple of times to make the text smaller, Clear Private Data
again and exit. Then
sqlite3 ~/.mozilla/firefox/*.default/content-prefs.sqlite .dump
and you'll see google.com in the list along with all the other sites
that it's remembering content-prefs for.
Marking this as a security vulnerability because users may think they've
cleaned up after themselves, but there's information there for others to
find.
** Affects: firefox-3.0 (Ubuntu)
Importance: Undecided
Status: New
--
Firefox 3 doesn't clear content-prefs.sqlite on Tools -> Clear Private Data
https://bugs.launchpad.net/bugs/288236
You received this bug notification because you are a member of Mozilla Bugs, which is subscribed to firefox-3.0 in ubuntu.
More information about the Ubuntu-mozillateam-bugs
mailing list