Closed Bug 1787248 Opened 3 years ago Closed 3 years ago

Cache2 files recreated on opening FF W11 24.0KB and W10 PC 36.0KB Privacy breach?

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
Firefox 103
Type:
defect

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: pauls583, Unassigned)

Details

Attachments

(3 files)

FF_Cache2-Recreation.m4v
2.05 MB, video/mp4
Details
cache2.png
85.10 KB, image/png
Details
Cache2 Screeshot W10 & Linux.png
608.34 KB, image/png
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0

Steps to reproduce:

Empty Cookies, Data and Cache files.
Close FireFox
Open FireFox
Empty Cookies, Data and Cache files.
Close FireFox
Open FireFox
36.0KB three Files recreated On W10PC

Actual results:

Two PC's same independent profile used on both:
W10 PC three files 36.0KBs always recreated on opening FF
W11 PC two files 24.0KBs recreated on opening FF

I also booted into a Linux PC and the Cache stayed at 0.0KBs on restarting FF. So Linux is fine.

Expected results:

To my naivety when emptied the Cache should be empty and stay empty.
The recreation of these same files to me would allow fingerprinting of the browser irrespective of how strong a privacy mode you set FF to. I have it clear everything on closing FF.

Whilst I could be wrong I got suspicious with my location being detected whilst using a VPN server not in my country.

Attached image cache2.png

The random names don't mean anything, but opening about:cache?storage=disk after restarting might tell us what they are. One of them is likely the response to the captive-portal probe, but then I don't know why Linux wouldn't have that one, too.

Flags: needinfo?(pauls583)
Flags: needinfo?(pauls583)

(In reply to Daniel Veditz [:dveditz] from comment #2)

The random names don't mean anything, but opening about:cache?storage=disk after restarting might tell us what they are. One of them is likely the response to the captive-portal probe, but then I don't know why Linux wouldn't have that one, too.

Hi, Daniel

I had a discussion here: https://support.mozilla.org/en-US/questions/1387467 In which I have 'about:cache' files. A few notes that I noticed.

First the Linux comment of 0kBs that seemed to happen is by not being connected to the internet. Connected to the internet and Linux creates 57kbs see the attached image for both Windows10 and Linux.

My standard profiles are, 'about blank' for all pages 'Strict' for browsing, 'Delete cookies and site data when FF closes' and 'Always use private browsing mode.' In all these cases including Linux files are always created upon start-up of FF.

In Settings -> Home -> Firefox Home Content there may be a bug in the parent checkboxes not disabling the child boxes. As mentioned in the link above. These get rid of the Tiles file that gets re-created.

Based on the screenshot: cache files aren't accessible to 3rd party websites (so there is no fingerprint risk), and those cache results are internal Firefox things. I don't think there is anything we can reasonably fix here, and certainly no security issue.

Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: