1412239 - Firefox Profile Manager can wipe out user's main Firefox folder

Status: RESOLVED DUPLICATE of bug 302087

(Toolkit :: Startup and Profile System, defect)

Description

[Kamil Wilczek]

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20170928210252

Steps to reproduce:

Dear Sirs,

I do not know that is this a bug or feature, but on a Linux at least
it is possible to wipe out the main Firefox directory using the
command line and the Profile Manager.

The recipe:

1. It is possible to create a Profile without a name by issuing
the following command:

# firefox-esr --no-remote --CreateProfile ""

This works as expected and creates a 'xxxxxxxx.' directory inside
the default '~/.mozilla/firefox' folder.

2. But there is also an option to provide the Profile directory.
It is possible to run this command:

# firefox-esr --no-remote --CreateProfile '"" /absolute/path/.mozilla/firefox/'

As a result the main Firefox directory is treated as a profile directory for the
unnamed Profile. prefs.js appears inside the ~/.mozilla/firefox/.

3. Now, using the Profile Manager we can delete the unnamed profile with
its files (it appears as a user icon without a name).

The actual problem is here: because the main Firefox directory is treated as the profile
directory, it will be deleted, with all its contents --- profile folders of other
Profiles, etc.


Actual results:

The main Firefox directory (~/.mozilla/firefox/) is no more.


Expected results:

I think that the Firefox shouldn't allow for empty Profile names and using its own main
directory as a storage for a Profile.

Comment 1

[MarjaE]

duplicate of bug 302087