Closed Bug 1468116 Opened 7 years ago Closed 7 years ago

Icons from private browsing tabs on Fennec are stored in the disk cache

Categories

(Firefox for Android Graveyard :: Favicon Handling, defect, P1)

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1448305

People

(Reporter: robwu, Assigned: robwu)

Details

(Keywords: privacy)

I found 100MB of icon URLs and data in cache/icons in my Firefox profile on Android, from sites that I have visited in private browsing tabs. There are many duplicates, and all the timestamps of the files reveal when a site had been visited.

To reproduce (on a rooted Android device):
1. Open Firefox.
2. Visit a page that you have not visited before in normal browsing mode.
3. Connect with "adb shell". Switch to a root shell if necessary ("su", or use "adb root" before using "adb shell").
4. Notice that icon(s) for this site appeared in /data/data/org.mozilla.firefox/cache/icons/
   If your shell supports it, use:
   ls -latr /data/data/org.mozilla.firefox/cache/icons
   Otherwise it's probably easier to spot the files by removing all existing icon files.

I investigated, as follows:
1. The "icons" directory is created here: https://searchfox.org/mozilla-central/rev/edbf2c009992315d85eeb885e1b8edbbd43c84b7/mobile/android/base/java/org/mozilla/gecko/icons/storage/DiskStorage.java#71
2. The items are added to the cache here: https://searchfox.org/mozilla-central/rev/04b9cbbc2be2137a37e158a5ebaf9c7bef2364f9/mobile/android/base/java/org/mozilla/gecko/icons/processing/DiskProcessor.java#26,33
3. To find all potential callers, I followed the IconTask constructor, and found that it was created by IconRequestBuilder, which is accessed through Icons.with: https://searchfox.org/mozilla-central/rev/04b9cbbc2be2137a37e158a5ebaf9c7bef2364f9/mobile/android/base/java/org/mozilla/gecko/icons/Icons.java#33
4. All consumers of Icons.with can be found as follows: https://searchfox.org/mozilla-central/search?q=icons.with

There are 14 non-test callers, and there is only one caller that (indirectly) accounts for private browsing mode...

I'm going to submit patches for most of these callers, except for:
- BrowserApp.java: "Favicon:Request" is used by browser UI (about:logins and search engines).
- GeckoApplication.java: createBrowserShortcut is already leaking state.
- TopSitesGridItemView.java: Top sites is already in history.
- SearchEnginePreference.java: Search engines are already saved somewhere.
- HomeScreenPrompt.java: Caller in AddToHomeScreenPromotion.java already checks pb status.
- ReadingListHelper.java: prepareOnly() is used, so the DiskProcessor is never reached.
- activitystream (StreamOverridablePageIconLayout.java and TopSitesCard.java): It is based on the browsing history, so I am inclined to not change anything for now and keep caching their icons.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Group: firefox-core-security → mobile-core-security
Product: Firefox for Android → Firefox for Android Graveyard
Group: mobile-core-security
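
The report above traces every icon write through one disk-caching step. As an added example (not code from the bug, the reporter or Fennec), this sketch shows one possible design in which the request carries the tab's privacy state and the persistence step refuses to write for private requests. All class, field and method names are hypothetical, and the icon bytes and URLs are constructed.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Stream;

// Hypothetical classes for illustration; none of these names are Fennec's.
public class PrivateAwareIconCache {
    /** An icon load tagged with the privacy state of the tab that triggered it. */
    static final class IconRequest {
        final String pageUrl;
        final boolean privateMode;
        IconRequest(String pageUrl, boolean privateMode) {
            this.pageUrl = pageUrl;
            this.privateMode = privateMode;
        }
    }

    private final Path diskDir;
    private final Map<String, byte[]> memory = new HashMap<>();

    PrivateAwareIconCache(Path diskDir) { this.diskDir = diskDir; }

    /** Caches the icon; returns true only when it was also written to disk. */
    boolean store(IconRequest req, byte[] icon) throws Exception {
        memory.put(req.pageUrl, icon); // process memory only, gone when the app exits
        if (req.privateMode) {
            return false; // a file's name and mtime would record the private visit
        }
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(req.pageUrl.getBytes(StandardCharsets.UTF_8));
        Files.createDirectories(diskDir);
        Files.write(diskDir.resolve(new BigInteger(1, digest).toString(16)), icon);
        return true;
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("icons-demo").resolve("icons");
        PrivateAwareIconCache cache = new PrivateAwareIconCache(dir);
        byte[] icon = {(byte) 0x89, 'P', 'N', 'G'}; // constructed sample bytes
        cache.store(new IconRequest("https://private.example/", true), icon);
        cache.store(new IconRequest("https://normal.example/", false), icon);
        try (Stream<Path> files = Files.list(dir)) {
            files.forEach(f -> System.out.println("on disk: " + f.getFileName()));
        }
    }
}
```

Only the normal-mode request leaves a file behind, so the directory listing used in the reproduction steps would show nothing for the private visit.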