
Thread: Firefox 0.9.3 false safety

  1. #1

    Firefox 0.9.3 false safety

    hi all,

    i was doing some investigating on my drive since i am planning to write a program which reads the saved passwords and usernames for Firefox (just like iekey.exe from passware does for Internet Explorer).
    but what i have found out is that when you go to "tools","options","privacy" and hit the "clear all" button, nothing is removed! the files which contain the stored history and the "encrypted passwords" still have the same content AFTER pressing that button. you'll have to clear all the options one by one in order to clean your history.

    also all interesting data is saved in one and the same folder:
    C:\Documents and Settings\<your username>\Application Data\Mozilla\Firefox\Profiles\default.sfp

    in this folder there are several interesting files, but one of them is the most interesting: signons.txt. this is the txt file where the url history AND the saved passwords and usernames are stored (although encrypted).

    i think the encryption is some kind of base64 form since the encryption looks a lot like it (but can't be deciphered using base64).

    also when you have cleared all data, one by one via the GUI from firefox, this file still contains semi personal data, it is some kind of url history which goes way back in time.
    e.a.:

    the signons.txt file on my computer contains the following:

    this file contains entries of sites i haven't visited in about 2 months (and i clear my history etc about 2 times per week)!


    i find this a really BAD thing that anyone who can read files on your computer can find out these things so easily even if you think you are safe by clearing your cache, history, passwords etc very often, the file still contains personal data!

    so i think i will go for another browser (again), and hope to find one which DOES delete everything if you say so!
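
A way to check the behaviour described in the first post, as an added example that is not part of the original thread: hash the profile files before and after using the clear option and list those that still hold data. Only signons.txt is named in the thread; the other file names and all file contents below are constructed placeholders.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(profile_dir):
    """Map each file's relative path to (size, SHA-256) for later comparison."""
    root = Path(profile_dir)
    state = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            digest = hashlib.sha256(data).hexdigest()
            state[str(path.relative_to(root))] = (len(data), digest)
    return state

def survivors(before, after, watched):
    """Return the watched files that still hold data after the clear action."""
    findings = {}
    for name in watched:
        if name not in after:
            continue  # file was deleted: nothing left to read
        size, digest = after[name]
        if size == 0:
            continue  # file was truncated to empty
        if before.get(name) == (size, digest):
            findings[name] = "unchanged"
        else:
            findings[name] = "modified but not empty"
    return findings

def demo():
    # Constructed stand-in for a profile folder; contents are placeholders.
    with tempfile.TemporaryDirectory() as tmp:
        profile = Path(tmp)
        (profile / "signons.txt").write_text("constructed-entry-1\nconstructed-entry-2\n")
        (profile / "history-placeholder.dat").write_text("constructed-history\n")
        (profile / "cookies-placeholder.txt").write_text("constructed-cookie\n")
        before = snapshot(profile)
        # Simulate a clear action that only handles part of the stored data.
        (profile / "cookies-placeholder.txt").unlink()
        (profile / "history-placeholder.dat").write_text("")
        after = snapshot(profile)
        watched = ["signons.txt", "history-placeholder.dat", "cookies-placeholder.txt"]
        return survivors(before, after, watched)

if __name__ == "__main__":
    print(demo())
```

Against a real profile, call `snapshot()` on the profile folder with the browser closed, use the clear option, close the browser again and compare the two snapshots with `survivors()`.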

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    This file doesn't exist under PR1.0 that I can see. Out of curiosity, why are you running an older vulnerable version?
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  3. #3
    Senior Member
    Join Date
    May 2004
    Posts
    274
    Yes u r right, i have checked the mentioned files and it is disclosing the information that i have cleared from the 'Options' menu. Guys, does anyone know why this is happening, that after hitting the 'Clear All' button in the 'Options' menu the information is still there on the system? :-(
    Excuse me, is there an airport nearby large enough for a private jet to land?

  4. #4
    This file doesn't exist under PR1.0 that I can see. Out of curiosity, why are you running an older vulnerable version?
    because i still need to reinstall my system, and haven't bothered getting an updated version yet (i know, not a good thing, but i'm planning on doing it tomorrow!)

    but i will try and figure out where the passwords are stored in the latest version too

    [EDIT]well, just installed the latest version, and it appears to be solved here, BUT the passwords are still stored in the same file (signons.txt)![/EDIT]

  5. #5
    so i think i will go for another browser (again), and hope to find one which DOES delete everything if you say so!


    Avant browser http://www.avantbrowser.com/
    There wasn't any paper used here, but millions of electrons were terribly inconvenienced

  6. #6
    SecGod, you seem to be anti Internet Explorer, according to your post here:
    http://www.antionline.com/showthread...r=1#post790717

    Understand that Avant is just a browser that runs off the IE engine.

    It's pretty much the same as running IE, w/ some extra features.

  7. #7
    then that's not a good option either, since i do not like IE for its lack of safety too..

    perhaps i will try opera and see how safe this is

  8. #8
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Isn't the signons.txt the wallet password storer? That is, you have the browser remember your logins? Isn't that whole process insecure to begin with? I never used it with IE, why would I use it with Firefox in the first place (I use mozilla but same diff in some regards)?

    chsh, you're probably like me and don't use it, hence why you can't find it. The process of storing user name, password and other info locally has always been an insecurity and one thing that many (if not all) browser manufacturers enable. That and HTML emails are evil things that software manufacturers developed for the "ease of users" (i.e., lazy users).

    So if you don't want to have passwords stored locally, don't use the wallet feature. Problem solved.

    Oh.. on a side note, the author of this little tool is trying to create an equivalent for firefox. He seems to agree with you that it is a Base64 (based on an August entry in his blog this year).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  9. #9
    Oh.. on a side note, the author of this little tool is trying to create an equivalent for firefox. He seems to agree with you that it is a Base64 (based on an August entry in his blog this year).
    well, it looks like it is base64 encoded, but when i try to decode a string, it doesn't work (also his script doesn't work).

    normally i NEVER used stored passwords, but i know of many people who do, so it IS a security issue, and when you can't erase it (although you're under the impression that you did), that makes it an even bigger security issue.

  10. #10
    Junior Member
    Join Date
    Oct 2004
    Posts
    10

    Firefox

    Firefox is a good browser, just as good as any other browser.
    I don't think that the problem is in the browser. More likely it's how you use the browser and what settings you have.

    And remember, that's just an opinion

    (please mind my spelling, English isn't my first language )
