On Tue, 15 Sep 2009 02:40:10 +0300 Imri Goldberg <[email protected]> wrote:
> It seems this was some kind of a 'known secret', but firefox' privacy mode > isn't private. Apparently, websites[1] can use flash to store > 'Local-Shared-Objects' (LSOs, see > http://en.wikipedia.org/wiki/Local_Shared_Object ), which are basically > cookies. Firefox' regular capabilities of 'clear all private data' and > 'privacy mode', which supposedly don't leave any record of your browsing > history, don't erase these files. Yes, Mozilla is aware of this and is working with plugin vendors such as Adobe to get them to use newly created APIs and to assist in developing other needed APIs that allow Firefox to notify plugins that such objects need to be deleted (such as when a user enters private browsing mode or just wishes to clear all browsing history). If you're interested in following a few of the tracking bugs for solving these problems, you can check out: https://bugzilla.mozilla.org/show_bug.cgi?id=508167 NPAPI additions for clearing recent history (e.g. for "flash cookies") https://bugzilla.mozilla.org/show_bug.cgi?id=290456 Block/clear Flash MX "cookies" as well ~reed Mozilla Security Group -- Reed Loden - <[email protected]>
pgpkO5H8cbr3i.pgp
Description: PGP signature
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
