Closed Bug 162585 Opened 23 years ago Closed 23 years ago

about:cache reveals the full profile path

Categories

(Core :: Networking: Cache, defect)

Type: defect, Priority: Not set, Severity: normal

VERIFIED INVALID

People

(Reporter: darin.moz, Assigned: gordon)

Details

From the cache security review notes: "about:cache contains profile directory path, so if attacker can read about:cache they can find profile info. Should we worry about this, maybe mask the 'salt' or something?" Marking this security sensitive to be conservative.
If an attacker can read about:cache, they have already got a lot of sensitive information about the user, so I don't think the fact that it reveals the profile path is a serious issue. To be super-safe, we could stop displaying that information, but we should weigh that against the usefulness of showing the cache directory. I'm going to reassign this to the Cache component to get the owners' opinions.
Assignee: mstoltz → gordon
Gordon and I agree that it's secure enough; if we discover further problems, we can deal with them later. It's important for the user to know the location of their cache directory. Marking INVALID.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → INVALID
Group: security
VERIFIED/invalid.
Status: RESOLVED → VERIFIED
QA Contact: tever → httpqa