Firefox 3 doesn't clear content-prefs.sqlite on Tools -> Clear Private Data
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mozilla Firefox |
Invalid
|
Medium
|
|||
firefox-3.0 (Ubuntu) |
Won't Fix
|
Medium
|
Unassigned |
Bug Description
Ubuntu 8.04, firefox-3.0 3.0.3+build1+
The menu item Tools -> Clear Private Data should clear out browser history so there's no mention of what sites the user has visited. It attempts to do this, and initially it seems to work, e.g. Ctrl-H brings up an empty list, but FF3 doesn't delete the list of what zoom setting you prefer per domain.
To test, Clear Private Data, visit a site, e.g. http://
sqlite3 ~/.mozilla/
and you'll see google.com in the list along with all the other sites that it's remembering content-prefs for.
Marking this as a security vulnerability because users may think they've cleaned up after themselves, but there's information there for others to find.
Changed in firefox: | |
status: | Unknown → In Progress |
Changed in firefox-3.0: | |
importance: | Undecided → Medium |
status: | Confirmed → Triaged |
Changed in firefox: | |
status: | In Progress → Invalid |
Changed in firefox: | |
importance: | Unknown → Medium |
Created an attachment (id=298217)
patch v1: clears site-specific prefs when clearing browser history
Here's a patch that clears site-specific prefs when clearing browser history. It includes tests for the code that does the clearing and is fairly straightforward.