Closed Bug 357485 Opened 18 years ago Closed 18 years ago

Privacy leak: clearing private data does not clear favicons

Categories

(Firefox :: Bookmarks & History, defect)

1.5.0.x Branch
x86
Linux
defect
Not set
major

Tracking

()

RESOLVED INVALID

People

(Reporter: usenet, Unassigned)

Details

Favicons remain on disk, even when private data is cleared. This is a security risk, as it means that a partial record of which websites have previously been browsed remains on-disk, regardless of privacy settings.

To reproduce:
* Make bookmarks, and revisit so favicons can be seen in menus
* Clear private data (and, optionally, also restart browser after clearing)
* Look at menus again

What happens:
* Favicons are still in the menu, and still on disk

What should happen:
* Favicons should be cleared from disk, and also removed from menus in running browser
Is this really a privacy leak? The favicons are encoded as data: urls in the bookmark file. If you're keeping the bookmark itself what's the point of trying to hide the favicon?
Group: security
Ah: if they are stored in the same place as the bookmarks themselves, and do not persist anywhere else in the system, then that's not a problem. Sorry about that: I'll resolve this as INVALID, if I can.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.