Privacy leak: clearing private data does not clear favicons

RESOLVED INVALID

Status

()

--
major
RESOLVED INVALID
12 years ago
12 years ago

People

(Reporter: usenet, Unassigned)

Tracking

1.5.0.x Branch
x86
Linux
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

12 years ago
Favicons remain on disk, even when private data is cleared. This is a security risk, as it means that a partial record of which websites have previously been browsed remains on-disk, regardless of privacy settings.

To reproduce:
* Make bookmarks, and revisit so favicons can be seen in menus
* Clear private data (and, optionally, also restart browser after clearing)
* Look at menus again

What happens:
* Favicons are still in the menu, and still on disk

What should happen:
* Favicons should be cleared from disk, and also removed from menus in running browser
Is this really a privacy leak? The favicons are encoded as data: urls in the bookmark file. If you're keeping the bookmark itself what's the point of trying to hide the favicon?
Group: security
(Reporter)

Comment 2

12 years ago
Ah: if they are stored in the same place as the bookmarks themselves, and do not persist anywhere else in the system, then that's not a problem. Sorry about that: I'll resolve this as INVALID, if I can.
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.