|Home » Learning Curve
Privacy Alert Firefox
The following pertains to Firefox for OS X but most likely applies to all platforms.
Firefox 3.x is pretty good at security and general stability but there are assumptions you may have made about its behaviour which could potentially get you in a lot of trouble.
The following screen dump fairly sums it up.
No history saved; nothing 'remembered' from forms, the search bar, or downloads; cookies only accepted from first parties and destroyed when Firefox closes; and most importantly: 'private data' cleared when Firefox is closed.
You count on it; you expect it to happen; you set it up that way.
But that's not the way it works.
In a move reminiscent of Microsoft's infamous index.dat files the Moz people seem to have taken to saving all your favourite data in obscure 'SQLite' files - generally unfathomable for ordinary users.
But not for Xstrings or similar tools and utilities.
Start by looking in Application Support for Firefox for files matching the regex '\.sqlite*'. You'll get the following automatically by merely starting and quitting Firefox - even if the app's been properly cleaned beforehand.
8 items, 233064 bytes, 480 blocks, 336 bytes in extended attributes.
And each of the above files contains a particular part of your personal history; each has been shown to potentially contain compromising data - even if you've set Firefox to save nothing.
Atad Derots Sdrawkcab?
One of the weirdest things about these hidden caches is how the Moz people store URLs and other data backwards.
'I had no clue Firefox was spewing all that stuff, especially when I've configured Firefox to keep history for 0 days, forget what I've entered in forms and search bars, forget what I've downloaded, delete any cookies on closing, and always clear private data when closing firefox', says Geoff at the forum. 'So much for Firefox security.'
AlphaMack adds, 'seems like a ticking time bomb'.
Your mileage may vary but Firefox 3.x seems to run perfectly even when these files are removed. The script to remove them is as straightforward as it was for listing them.
rm -f ~/Library/Application\ Support/Firefox/Profiles/*/*.sqlite*
CLIX users: download the Firefox 'Remove SQLite Files' CLIX command here.