Rixstep
 About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Home » Learning Curve

Privacy Alert Firefox

The following pertains to Firefox for OS X but most likely applies to all platforms.


Get It

Try It

Firefox 3.x is pretty good at security and general stability but there are assumptions you may have made about its behaviour which could potentially get you in a lot of trouble.

The following screen dump fairly sums it up.

No history saved; nothing 'remembered' from forms, the search bar, or downloads; cookies only accepted from first parties and destroyed when Firefox closes; and most importantly: 'private data' cleared when Firefox is closed.

You count on it; you expect it to happen; you set it up that way.

But that's not the way it works.

index.dat

In a move reminiscent of Microsoft's infamous index.dat files the Moz people seem to have taken to saving all your favourite data in obscure 'SQLite' files - generally unfathomable for ordinary users.

But not for Xstrings or similar tools and utilities.

Start by looking in Application Support for Firefox for files matching the regex '\.sqlite*'. You'll get the following automatically by merely starting and quitting Firefox - even if the app's been properly cleaned beforehand.

8 items, 233064 bytes, 480 blocks, 336 bytes in extended attributes.

~/Library/Application Support/Firefox/Profiles/*/content-prefs.sqlite
~/Library/Application Support/Firefox/Profiles/*/cookies.sqlite
~/Library/Application Support/Firefox/Profiles/*/downloads.sqlite
~/Library/Application Support/Firefox/Profiles/*/formhistory.sqlite
~/Library/Application Support/Firefox/Profiles/*/permissions.sqlite
~/Library/Application Support/Firefox/Profiles/*/places.sqlite
~/Library/Application Support/Firefox/Profiles/*/places.sqlite-journal
~/Library/Application Support/Firefox/Profiles/*/webappsstore.sqlite

And each of the above files contains a particular part of your personal history; each has been shown to potentially contain compromising data - even if you've set Firefox to save nothing.

Atad Derots Sdrawkcab?

One of the weirdest things about these hidden caches is how the Moz people store URLs and other data backwards.

00000000000014d4 http://rixstep.com/rixstep.commoc.petsxir.
000000000000150f http://radsoft.net/radsoft.netten.tfosdar.
0000000000001ab8 http://help.yahoo.com/help/us/mail/mail-03.htmlmail-03.htmlmoc.oohay.pleh.
0000000000001b13 http://webfusion.co.uk/popups/tier_one.phptier_one.phpku.oc.noisufbew.
0000000000001c1a http://xs4all.nl/~suelette/underground/justin/contents.htmlcontents.htmlln.lla4sx.
0000000000001f89 http://speedtest.net/speedtest.netten.tsetdeeps.
000000000000206f http://toolbar.netcraft.com/stats/topsitestopsitesmoc.tfarcten.rabloot.
000000000000bfe1 http://rixstep.com/favicon.ico
000000000001565f ten.tfosdar.u
00000000000156ee ku.oc.cbb.www.n
00000000000157b6 ku.oc.noisufbew.d
0000000000015b6a moc.petsxir.9
0000000000015b7b moc.petsxir.8
0000000000015c56 gro.ehcapa.dptth.,
00000000000262c8 http://rixstep.com/rixstep.commoc.petsxir.
0000000000026303 http://radsoft.net/radsoft.netten.tfosdar.
0000000000026907 http://webfusion.co.uk/popups/tier_one.phptier_one.phpku.oc.noisufbew.
0000000000026a0e http://xs4all.nl/~suelette/underground/justin/contents.htmlcontents.htmlln.lla4sx.
0000000000026b0f http://thesuperficial.com/thesuperficial.commoc.laicifrepuseht.
0000000000026d7d http://speedtest.net/speedtest.netten.tsetdeeps.
0000000000026e63 http://toolbar.netcraft.com/stats/topsitestopsitesmoc.tfarcten.rabloot.

No Idea!

'I had no clue Firefox was spewing all that stuff, especially when I've configured Firefox to keep history for 0 days, forget what I've entered in forms and search bars, forget what I've downloaded, delete any cookies on closing, and always clear private data when closing firefox', says Geoff at the forum. 'So much for Firefox security.'

AlphaMack adds, 'seems like a ticking time bomb'.

YMMV

Your mileage may vary but Firefox 3.x seems to run perfectly even when these files are removed. The script to remove them is as straightforward as it was for listing them.

rm -f ~/Library/Application\ Support/Firefox/Profiles/*/*.sqlite*

CLIX users: download the Firefox 'Remove SQLite Files' CLIX command here.

See Also
Mozilla: Firefox

About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.