hi all,

i was doing some investigating on my drive since i am planning to write a program which reads the saved passwords and usernames for Firefox (just like iekey.exe from passware does for Internet Explorer).
but what i have found out is that when you go to "tools","options","privacy" and hit the "clear all" button, nothing is removed! the files which contain the stored history and the "encrypted passwords" still have the same content AFTER pressing that button. you'll have to clear all the options one by one in order to clean your history.

also all interesting data is saved in one and the same folder:
C:\Documents and Settings\<your username>\Application Data\Mozilla\Firefox\Profiles\default.sfp

in this folder there are several interesting files, but one of them is the most interesting: signons.txt. this is the txt file where the url history AND the saved passwords and usernames are stored (although encrypted).

i think the encryption is some kind of base64 form since the encryptions looks a lot like it (but can't be decyphered using base64).

also when you have cleared all data, one by one via the GUI from firefox, this file still contains semi personal data, it is some kind of url history which goes way back in time.
e.a.:

the signons.txt file on my computer contains the following:

#2c
http://www.antionline.com
http://www.guidancesoftware.com
http://admin.bbknk.nl
http://ldbreg.lycos.com
http://www.modifiedmemphis.com
http://www.governmentsecurity.org
http://www.programmersheaven.com
http://www.gulftech.org
http://www.hackquest.de
https://piauth.prodigy.net
http://www.hackerslab.org
http://cboard.cprogramming.com
http://www.securstar.com
http://www.cc-cards.net
http://sbcglobal.prodigy.net
http://www.linuxforums.org
http://www.windowsforum.org
http://www.linuxquestions.org
http://www.actorpoint.com
http://217.30.18.106:8080
http://www.codeguru.com
http://members.driverguide.com
http://www.loginmatrix.com
http://www.ps3portal.com
http://www.security-forums.com
http://neworder.box.sk
http://www.asisonline.org
http://gradespeed.hardin.isd.esc4.net:81
http://www.programmingforums.org
.
this file contains entries of sites i haven't visited in about 2 months (and i clear my history etc about 2 times per week)!


i find this a really BAD thing that anyone who can read files on your computer can find out these things so easily even if you think you are safe by clearing your cache, history, passwords etc very often, the file still contains personal data!

so i think i will go for another browser (again), and hope to find one which DOES delete everything if you say so!