Comment 18 for bug 288236

Ubuntu 8.04, firefox-3.0 3.0.3+build1+nobinonly-0ubuntu0.8.04.1.

The menu item Tools -> Clear Private Data should clear out browser history so there's no mention of what sites the user has visited. It attempts to do this, and initially it seems to work, e.g. Ctrl-H brings up an empty list, but FF3 doesn't delete the list of what zoom setting you prefer per domain.

To test, Clear Private Data, visit a site, e.g. http://google.com/, hit Ctrl-- a couple of times to make the text smaller, Clear Private Data again and exit. Then

    sqlite3 ~/.mozilla/firefox/*.default/content-prefs.sqlite .dump

and you'll see google.com in the list along with all the other sites that it's remembering content-prefs for.

Marking this as a security vulnerability because users may think they've cleaned up after themselves, but there's information there for others to find.