funsec mailing list archives

Re: Firefox' privacy mode not so private


From: Reed Loden <reed () reedloden com>
Date: Mon, 14 Sep 2009 22:13:54 -0500

On Tue, 15 Sep 2009 02:40:10 +0300
Imri Goldberg <lorgandon () gmail com> wrote:

> It seems this was some kind of a 'known secret', but Firefox' privacy mode
> isn't private. Apparently, websites[1] can use Flash to store
> 'Local-Shared-Objects' (LSOs, see
> http://en.wikipedia.org/wiki/Local_Shared_Object ), which are basically
> cookies. Firefox' regular capabilities of 'clear all private data' and
> 'privacy mode', which supposedly don't leave any record of your browsing
> history, don't erase these files.

Yes, Mozilla is aware of this and is working with plugin vendors such as
Adobe to get them to use newly created APIs and to assist in developing
other needed APIs that allow Firefox to notify plugins that such objects
need to be deleted (such as when a user enters private browsing mode or
just wishes to clear all browsing history).

If you're interested in following a few of the tracking bugs for solving
these problems, you can check out:

https://bugzilla.mozilla.org/show_bug.cgi?id=508167
NPAPI additions for clearing recent history (e.g. for "flash cookies")

https://bugzilla.mozilla.org/show_bug.cgi?id=290456
Block/clear Flash MX "cookies" as well

~reed
Mozilla Security Group

-- 
Reed Loden - <reed () reedloden com>

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.