Closed
Bug 321422
Opened 19 years ago
Closed 19 years ago
FRAMAKEY / Portable Thunderbird - informations of the accounts users stay on station of reception
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: cyberbase, Unassigned)
References
Details
(Keywords: privacy)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8) Gecko/20051107 Firefox/1.5 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8) Gecko/20051107 Thunderbird/1.0.7 Security hole in FRAMAKEY / Portable Thunderbird - informations of the accounts users(description of parameters pop, name account, smtp, ...) are stored on the station which accomodates the FRAMAKEY in C:\Documents and Settings\"account user"\Application Data\Thunderbird\Profiles\8ucj7p3m.default\prefs.js. FRAMAKEY is a portable solution and the advantage is not to leave any trace on the station of reception of the FRAMAKEY. Especially because the FRAMAKEY will be used like wandering data carrier, therefore used regularly on multiple different stations. That poses a problem as for A data protection personal. Reproducible: Always
Add hnavette@free.fr to cc list please
|
||
Comment 2•19 years ago
|
||
*** Bug 321423 has been marked as a duplicate of this bug. ***
|
|
||
Comment 3•19 years ago
|
||
http://www.framakey.org/En/Index From what I can tell, FramaKey is a usb key and a package of preconfigured software. Caroline, it sounds as if they have configured the software incorrectly to store information on the computer's hard drive instead of on the usb key. Have you reported this probem to the developers of Framakey? hnavette@free.fr does not have a bugzilla account and can not be added to the cc list without and account.
afaik it's amazingly non trivial to do this right. and in fact i believe people were told explicitly that doing this right would be hard when they expressed an interest in implementing it. that said. i'm not sure why we're being asked to deal with this as a middle person for a third party product with which we have very little association. The English information for the package i can find lists thunderbird 1.0.6 as the current version: http://www.framakey.org/En/Individuels at present the mozilla.org ftp servers list 1.0.7 as the latest release: ftp://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/ The faq claims that firefox doesn't leave much of a trace but doesn't explicitly make the same statement about thunderbird....
|
||
Comment 5•19 years ago
|
||
This is at best a privacy bug in a non-standard configuration that doesn't need the confidential flag, and more likely a bug in the Framakey modification/adaptation of Thunderbird that shouldn't be in our bugzilla. Is their code based on the John T. Haller "Portable App" implementations, or have they tried to re-implement all of those changes? They don't give any credit that I can see except an eventual link to the mozilla-europe site which only covers the standard versions.
Assignee: dveditz → nobody
Group: security
Keywords: privacy
Summary: Security hole in FRAMAKEY / Portable Thunderbird - informations of the accounts users stay on station of reception → FRAMAKEY / Portable Thunderbird - informations of the accounts users stay on station of reception
|
||
Comment 6•19 years ago
|
||
This is invalid in that it's not a mozilla product, and/or it's a duplicate of the "allow USB-local profiles" bug.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•