Closed Bug 360107 Opened 18 years ago Closed 15 years ago

"Clear Private Data" dialog on exit too easy to miss (should appear earlier and/or time out)

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Version:
2.0 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: nospam, Unassigned)

Details

(Keywords: privacy) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; fi; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; fi; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8

When the "clear private data on exit" option is chosen, there appears to be a slight delay between the last browser window closing and the "clear private data" dialog popping up.  Thus, it is possible (and in my experience quite common) for a person using a public computer to close the browser window and leave in a hurry without noticing the dialog.  Since the dialog does not time out automatically, this leaves the next user of the workstation with the choice whether or not to clear the private data of the last user.

This is obviously a usability issue, but it also significantly compromises the security benefits of having the "clear private data" feature in the first place.  To address this, I suggest the following changes:

1. If at all possible, the confirmation dialog should pre-empt the closing of the last browser window.  It seems likely that many users take the closing of the window as a sign that the browser has been closed, without realizing that there is still a dialog about to pop up.

2. The dialog should automatically time out, defaulting to "Yes", if the user does nothing during a preconfigured short time period.  My suggestion for a suitable default timeout would be on the order of 15-30 seconds.  (Obviously, this timeout should not apply to dialogs explicitly triggered by the user.)

Reproducible: Always

Steps to Reproduce:
1. Select "clear private data on Firefox exit" in settings.
2. Close all browser windows and immediately leave the workstation (running to catch a bus or being late from a lecture recommended).
3. Come back after a while.

Actual Results:  
"Clear private data" dialog still on screen, allowing the next user to choose "No" and thus access the previous user's private data.

Expected Results:  
No dialog, browser fully closed, private data cleared by default.

This issue has been observed in practice on a shared student workstation running Windows XP.  I would expect it to probably occur on other platforms as well.

While this is technically a feature request, the feature(s) being requested are ones whose lack causes, under certain circumstances, obviously undesirable behavior with security implications.  Thus leaving severity at "normal".  I do not believe this qualifies as a confidential security problem, though, since its existence will be blatantly obvious to anyone in position to exploit it anyway.
Keywords: privacy
Reporter, do you still see this problem with the latest Firefox 2? If not, can you please close this bug as WORKSFORME. Thanks!
Whiteboard: CLOSEME 07/14
Version: unspecified → 1.5.0.x Branch
Yes, the problem still exists.  The dialog window opens after the main window has closed, can take enough time (at least a second or so, under load) that the user may have left the workstation or switched to another application in the mean time, and does not appear to time out.

The problem is most noticeable if the computer is swapping or under heavy load when Firefox is closed.  Alas, closing the main Firefox window can sometimes directly cause swapping, by revealing a previously eclipsed window belonging to another application that had been paged out of memory.

Of course, a simple workaround is to uncheck "Ask me before clearing private data" in the prefs.  However, the default state appear to be checked, and I don't think we can't really expect all users who might be affected by this to realize it and uncheck that option.

(I've also confirmed that this occurs on Linux/KDE as well as on XP, so I'm changing OS to "All".  Haven't managed to test on non-PC hardware, but I'd expect this to be hardware-independent as well.)
OS: Windows XP → All
Hardware: PC → All
Version: 1.5.0.x Branch → 2.0 Branch
Can you try in firefox 3.5. The clear private data stuff has been improved.
Whiteboard: CLOSEME 07/14
No reply, INCOMPLETE. Please retest with Firefox 3.5.6 or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest firefox and a new profile, then please comment on this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INCOMPLETE
The entire feature to which this bug applies appears to have been removed from Firefox 3.5 and only available as an extension, so I guess the point is moot.

I did test the AskForSanitize extension, and observed that the dialog appeared after the browser window had closed.  I thus suspect that the extension would still suffer from this issue on older hardware, but have not tested this in detail.  (In particular, I did not check whether the dialog times out or not.)  In any case, I suppose that's no longer a core Firefox bug, so this report can be closed.
Resolution: INCOMPLETE → FIXED
We did modify the clear private data dialog in 3.5, so it wasn't removed, just changed.
Resolution: FIXED → WORKSFORME
You need to log in before you can comment on or make changes to this bug.