Closed Bug 1468116 Opened 6 years ago Closed 6 years ago

Icons from private browsing tabs on Fennec are stored in the disk cache

Categories

(Firefox for Android Graveyard :: Favicon Handling, defect, P1)

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1448305

People

(Reporter: robwu, Assigned: robwu)

Details

(Keywords: privacy)

I found 100MB of icon URLs and data in cache/icons in my Firefox profile on Android, from sites that I have visited in private browsing tabs. There are many duplicates, and all the time stamps of the files reveal when a site had been visited.


To reproduce (on a rooted Android device):
1. Open Firefox.
2. Visit a page that you have not visited before in normal browsing mode.
3. Connect with "adb shell". Switch to a root shell if necessary ("su", or use "adb root" before using "adb shell")
4. Notice that icon(s) for this site appeared in
   /data/data/org.mozilla.firefox/cache/icons/

   If your shell supports it, use: ls -latr /data/data/org.mozilla.firefox/cache/icons
   Otherwise it's probably easier to spot the files by removing all existing icon files.



I investigated, as follows:
1. The "icons" directory is created here:
   https://searchfox.org/mozilla-central/rev/edbf2c009992315d85eeb885e1b8edbbd43c84b7/mobile/android/base/java/org/mozilla/gecko/icons/storage/DiskStorage.java#71

2. The items are added to the cache here:
   https://searchfox.org/mozilla-central/rev/04b9cbbc2be2137a37e158a5ebaf9c7bef2364f9/mobile/android/base/java/org/mozilla/gecko/icons/processing/DiskProcessor.java#26,33

3. To find all potential callers, I followed the IconTask constructor, and found that it was created by IconRequestBuilder, which is accessed through Icons.with:
   https://searchfox.org/mozilla-central/rev/04b9cbbc2be2137a37e158a5ebaf9c7bef2364f9/mobile/android/base/java/org/mozilla/gecko/icons/Icons.java#33

4. All consumers of Icons.with can be found as follows:
   https://searchfox.org/mozilla-central/search?q=icons.with

There are 14 non-test callers, and there is only one caller that (indirectly) accounts for private browsing mode...
I'm going to submit patches for most of these callers, except for:
- BrowserApp.java : "Favicon:Request" is used by browser UI (about:logins and search engines).
- GeckoApplication.java : createBrowserShortcut is already leaking state
- TopSitesGridItemView.java : Top sites is already in history.
- SearchEnginePreference.java : Search engines are already saved somewhere.
- HomeScreenPrompt.java : Caller in AddToHomeScreenPromotion.java already checks pb status
- ReadingListHelper.java : prepareOnly() is used, so the DiskProcessor is never reached.
- activitystream (StreamOverridablePageIconLayout.java and TopSitesCard.java ) : It is based on the browsing history, so I am inclined to not change anything for now and keep caching their icons.
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Group: firefox-core-security → mobile-core-security
Product: Firefox for Android → Firefox for Android Graveyard
Group: mobile-core-security
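
Added example, not part of the original report or of the Fennec code base: a shell script for checking a local copy of the cache/icons directory for the three things the report describes (size on disk, duplicate entries, and modification times that show when an icon was fetched). The function names are hypothetical, and the script assumes the directory was first copied off the device with its timestamps preserved and that it is flat.

```shell
#!/bin/sh
# Added example: summarise a local copy of Fennec's cache/icons directory.
# Assumptions: the directory was copied off the device with timestamps
# preserved (for example "adb pull -a"), it is flat (no subdirectories),
# and file names contain no newlines.

# icon_cache_count DIR -> number of regular files in the copy
icon_cache_count() {
    find "$1" -type f | wc -l | tr -d ' '
}

# icon_cache_bytes DIR -> total payload size in bytes
icon_cache_bytes() {
    find "$1" -type f -exec cat {} + | wc -c | tr -d ' '
}

# icon_cache_duplicates DIR -> files whose checksum and size repeat an
# earlier file, i.e. the same icon stored more than once
icon_cache_duplicates() {
    find "$1" -type f -exec cksum {} + |
        awk '{ if (seen[$1 " " $2]++) dup++ } END { print dup + 0 }'
}

# icon_cache_newest DIR -> name of the most recently modified entry
icon_cache_newest() {
    ls -t "$1" | head -n 1
}

# icon_cache_report DIR -> human-readable summary plus a timeline
icon_cache_report() {
    echo "files:      $(icon_cache_count "$1")"
    echo "bytes:      $(icon_cache_bytes "$1")"
    echo "duplicates: $(icon_cache_duplicates "$1")"
    echo "entries, oldest to newest by modification time:"
    ls -ltr "$1"
}

# Run the report only when a directory is given on the command line.
if [ -n "${1:-}" ]; then
    icon_cache_report "$1"
fi
```

Running it before and after a private browsing session on a test profile shows whether new entries were written: the file count grows and the newest entry carries the time of the visit.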