Open Bug 1858017 Opened 2 years ago Updated 2 years ago

Crash reports containing browsing history (even from private windows) are persisted in profile for a long time

Categories

(Toolkit :: Crash Reporting, defect, P3)

Firefox 117
defect

People

(Reporter: ps.office, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0

Steps to reproduce:

  1. In the settings, set the "never remember history" option, leave everything else as is, restart browser.
  2. Just browse the internet. For an irrelevant reason, Firefox sometimes crashes and wants to upload the crash report. Click Submit report. In the "submit.log" file in my profile I can see "Crash report submitted successfully".

Actual results:

The crash reports are still available in both:

  • "~/snap/firefox/common/.mozilla/firefox/Crash Reports/Pending" directory
  • "~/snap/firefox/common/.mozilla/firefox/<profile>/Crashes/store.json.mozlz4" file

Both of the above contain the websites visited while in the private browsing mode. They were retained there for at least a few months. What's more, I tried switching off the telemetry in the Firefox settings and it had no impact, they're still there.

Expected results:

I would expect my private browsing history to be either never persisted to disk, or if necessary, then deleted promptly, e.g. after crash report submission or after a short retention period of time. Specifically, when I close a private browsing session I would expect the history not to be available to reconstruct (i.e. to the extent that Firefox has reasonable control).

The Bugbug bot thinks this bug should belong to the 'Toolkit::Startup and Profile System' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Startup and Profile System
Product: Firefox → Toolkit
Component: Startup and Profile System → Crash Reporting

The severity field is not set for this bug.
:gsvelto, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(gsvelto)

There are two issues with this, both of which are valid:

  • The code that cleans up old crash reports from $HOME/.mozilla/firefox/Crash Reports/Pending has been disabled for a while pending some extra testing. Re-enabling it should be enough to fix this problem and ensure that old crash reports are not left lying around.
  • The code that handles the crash database in $HOME/.mozilla/firefox/<profile>/Crashes/store.json.mozlz4 cleans it up periodically, but keeps every entry around for ~6 months which is probably excessive. Given our crash reporting machinery is in much better shape than when this was introduced we might drop this store entirely.
Severity: -- → S3
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(gsvelto)
Priority: -- → P3
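
To check whether a given profile is affected, the following added example (not code from this bug or from Firefox) decodes a store.json.mozlz4 file and lists the URLs it still holds. It relies on the mozlz4 container layout (8-byte "mozLz40\0" magic, 4-byte little-endian decompressed size, one raw LZ4 block); the function names are hypothetical and SAMPLE is a constructed input.

```python
import re
import struct

MAGIC = b"mozLz40\0"                      # 8-byte magic at the start of a .mozlz4 file
URL_RE = re.compile(rb'https?://[^\s"\\<>]+')

def _length(src, i, n):
    """A 4-bit LZ4 length of 15 continues in extra bytes until one is below 255."""
    if n == 15:
        while True:
            n += src[i]
            i += 1
            if src[i - 1] != 255:
                break
    return n, i

def lz4_block(src, size):
    """Decode one raw LZ4 block (sequences of literals followed by a back-reference)."""
    out, i = bytearray(), 0
    while i < len(src):
        token = src[i]
        lit, i = _length(src, i + 1, token >> 4)
        out += src[i:i + lit]
        i += lit
        if i >= len(src):                 # the final sequence carries literals only
            break
        offset = src[i] | (src[i + 1] << 8)
        match, i = _length(src, i + 2, token & 0x0F)
        if not 0 < offset <= len(out):
            raise ValueError("corrupt LZ4 match offset")
        for _ in range(match + 4):        # byte-wise copy handles overlapping matches
            out.append(out[-offset])
    if len(out) != size:
        raise ValueError("decompressed size does not match header")
    return bytes(out)

def urls_in_mozlz4(blob):
    """Return the distinct URLs found in the decompressed contents of a mozlz4 blob."""
    if blob[:8] != MAGIC:
        raise ValueError("not a mozlz4 file")
    (size,) = struct.unpack_from("<I", blob, 8)
    text = lz4_block(blob[12:], size)
    return sorted({u.decode("ascii", "replace") for u in URL_RE.findall(text)})

# Constructed sample: 26 literals, a 20-byte match at offset 25, then 5 final literals.
SAMPLE = (MAGIC + struct.pack("<I", 51) + b"\xff\x0b" + b'["https://example.test/a",'
          + b"\x19\x00\x01" + b"\x50" + b't/b"]')

if __name__ == "__main__":
    print(urls_in_mozlz4(SAMPLE))
```

To audit a real profile, pass the bytes read from a copy of store.json.mozlz4 to urls_in_mozlz4 while Firefox is closed.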