Firefox can be tracked by evercookie even if configured to delete all contents when quit and dom storage disabled

Bug #663607 reported by lirel
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
firefox (Ubuntu)
Low
Unassigned

Bug Description

Binary package hint: firefox

i found that firefox can be identified by websites through several technologies even with heigh privacy settings.

http://samy.pl/evercookie/ reports the same number after ending a session and quitting firefox.
this should not happen because the preferences are set to delete history, cookies, download-history, active logins, search terms, cache, saved passwords and offline website data when quitting.
also dom.storage.enabled is set to false in about:config.

here is the output of the evercookie script:

userData mechanism: undefined
cookieData mechanism: 283
localData mechanism: undefined
globalData mechanism: undefined
sessionData mechanism: undefined
windowData mechanism: 283
historyData mechanism: undefined
pngData mechanism: 283
etagData mechanism:
cacheData mechanism: 283
lsoData mechanism: 283
slData mechanism: undefined

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: firefox 3.6.10+build1+nobinonly-0ubuntu0.10.04.1
ProcVersionSignature: Ubuntu 2.6.32-25.45-generic 2.6.32.21+drm33.7
Uname: Linux 2.6.32-25-generic x86_64
NonfreeKernelModules: wl
Architecture: amd64
Date: Wed Oct 20 01:50:17 2010
FirefoxPackages:
 firefox 3.6.10+build1+nobinonly-0ubuntu0.10.04.1
 firefox-gnome-support 3.6.10+build1+nobinonly-0ubuntu0.10.04.1
 firefox-branding 3.6.10+build1+nobinonly-0ubuntu0.10.04.1
 abroswer N/A
 abrowser-branding N/A
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Alpha amd64 (20100223.2)
ProcEnviron:
 PATH=(custom, user)
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: firefox

Revision history for this message
lirel (m8r-lcodw5) wrote :
visibility: private → public
Changed in firefox (Ubuntu):
status: New → Confirmed
importance: Undecided → Low
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. The issue you are reporting is an upstream one and it would be nice if somebody having it could send the bug to the developers of the software by following the instructions at https://wiki.ubuntu.com/Bugs/Upstream/Mozilla. If you have done so, please tell us the number of the upstream bug (or the link), so we can add a bugwatch that will inform us about its status. Thanks in advance.

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers