Open Bug 1950433 Opened 20 days ago Updated 14 days ago

browsingData extension API does not clear all kinds of cached or authentication data

Categories

(WebExtensions :: General, defect)

Firefox 135
defect

Tracking

(firefox136 affected, firefox137 affected, firefox138 ?)


People

(Reporter: stamatgeorge, Unassigned, NeedInfo)

References

(Depends on 3 open bugs)

Details

Attachments

(2 files)

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15

Steps to reproduce:

Firefox extensions that manage browsing data are unable to delete it due to bugs in the browser’s browsingData API, which fails to fully clear all cached or authentication data, leading to potential privacy risks. Is it possible to fix this?

Even after clearing cookies, cache, and site data, remnants of site-specific storage (IndexedDB, Local Storage, Service Worker data) persist in the storage/default/ directory, requiring manual deletion—leading to potential privacy concerns and storage bloat.

See Issue
https://github.com/dessant/clear-browsing-data/issues/62#issuecomment-2682700431

extension
https://addons.mozilla.org/en-CA/firefox/addon/clear-browsing-data/#:~:text=Clear%20Browsing%20Data%20is%20a,data%20types%20available%20for%20clearing.

Actual results:

https://armin.dev/blog/2019/03/firefox-extensions-browsing-data-security/

The issue is that Firefox extensions designed to clear browsing data fail to properly clear all cached or authentication data due to limitations and bugs in Firefox’s browsingData API, which poses a security risk.

Product: Firefox → WebExtensions

Not sure if this is a request about the WebExtension API or more in general about the browser's API. Starting from WebExtensions.

All clearing extensions available rely on the Firefox API to clean browsing data, although even after clearing cookies, cache, and site data, remnants of site-specific storage (IndexedDB, Local Storage, Service Worker data) persist in the storage/default/ directory, requiring manual deletion—leading to potential privacy concerns and storage bloat. Developers of clearing extensions complain that the API limits them and that they are therefore not able to clean all.

Do I make sense? lol 😀

Hello,

I reproduced the issue on the latest Nightly (137.0a1/20250302213319), Beta (136.0/20250227124745) and Release (135.0.1/20250216192613) under Windows 10 and Ubuntu 24.04 LTS.

I accessed https://www.youtube.com/, https://www.facebook.com/, https://www.wikipedia.org/ and https://www.reddit.com/ to store some data (see first screenshot) and then cleared all data via the extension. The result was that not all data was cleared (see second screenshot), i.e. YouTube and Reddit show 0 cookies but there is storage space used.

Checking the storage/default/ directory, persistent data was found there too.

Status: UNCONFIRMED → NEW
Ever confirmed: true
Attached image before_clear.png
Attached image after_clear.png
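One way to turn the manual check of storage/default/ described in the comment above into a per-origin list of what is still on disk after a clear, as an added example that is not part of this bug report or of Firefox's code. The subdirectory names (idb, ls, cache) and the `+++` directory-name encoding are assumptions about the profile's on-disk layout, and the sample profile is constructed.

```python
import sys, tempfile
from pathlib import Path

# Per-origin subdirectories (assumed from Firefox's on-disk layout, not from this page).
CLIENTS = {"idb": "IndexedDB", "ls": "Local Storage", "cache": "Cache API (service workers)"}

def decode_origin(dirname):
    """'https+++host+8080^userContextId=1' -> ('https://host:8080', 'userContextId=1')."""
    name, _, suffix = dirname.partition("^")
    scheme, sep, rest = name.partition("+++")
    if not sep:                      # not a scheme+++host name; report it unchanged
        return name, suffix
    host, _, port = rest.partition("+")
    return f"{scheme}://{host}" + (f":{port}" if port else ""), suffix

def find_remnants(profile_dir):
    """Return {(origin, suffix): {storage kind: bytes}} for data still on disk."""
    root = Path(profile_dir) / "storage" / "default"
    report = {}
    if not root.is_dir():
        return report
    for origin_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        usage = {}
        for sub, label in CLIENTS.items():
            client = origin_dir / sub
            if not client.is_dir():
                continue
            size = sum(f.stat().st_size for f in client.rglob("*") if f.is_file())
            if size:                 # empty client directories are not remnants
                usage[label] = size
        if usage:
            report[decode_origin(origin_dir.name)] = usage
    return report

def build_sample_profile(base):
    """Constructed sample: two origins with leftover data, one with metadata only."""
    layout = {"https+++www.youtube.com/idb/1.sqlite": 2048,
              "https+++www.reddit.com^userContextId=2/ls/data.sqlite": 512,
              "https+++www.wikipedia.org/.metadata-v2": 64}
    for rel, size in layout.items():
        path = Path(base) / "storage" / "default" / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"\0" * size)
    return base

if __name__ == "__main__":
    profile = sys.argv[1] if len(sys.argv) > 1 else build_sample_profile(tempfile.mkdtemp())
    for (origin, suffix), usage in find_remnants(profile).items():
        print(origin, suffix or "-", usage)
```

Run with a profile directory as the only argument, with Firefox closed, once before and once after clearing; origins that appear in the second run are the specific cases to attach to a report.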

Is there anything specific here that is not covered by existing bugs?
The Firefox add-on you're linking to already refers to an existing bug.

The blog post you've linked is already covered by bug 1535606.

It is very difficult to identify an actionable task for bug reports that boil down to "everything is broken".
When there are specific test cases, it enables debugging and an eventual resolution of the bug that you are encountering.

I tried to link the several issues that are already known and/or referenced by the bug report, add-ons (and my general recollection of relevant bugs). Is there anything that is not already covered by these bugs?

Type: enhancement → defect
Component: Untriaged → General
Flags: needinfo?(stamatgeorge)
Summary: Firefox extensions that manage browsing data are unable to due to bugs in the browser’s browsingData API, which fail to fully clear all cached or authentication data, leading to potential privacy risks → browsingData extension API does not clear all kinds of cached or authentication data