[Bug 663607] [NEW] Firefox can be tracked by evercookie even if configured to delete all contents when quit and dom storage disabled

Launchpad Bug Tracker Thu, 04 Nov 2010 08:35:52 -0700

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Marc Deslauriers 
(mdeslaur):


Binary package hint: firefox

i found that firefox can be identified by websites through several
technologies even with heigh privacy settings.

http://samy.pl/evercookie/ reports the same number after ending a session and 
quitting firefox.
this should not happen because the preferences are set to delete history, 
cookies, download-history, active logins, search terms, cache, saved passwords 
and offline website data when quitting.
also dom.storage.enabled is set to false in about:config.

here is the output of the evercookie script:

userData mechanism: undefined
cookieData mechanism: 283
localData mechanism: undefined
globalData mechanism: undefined
sessionData mechanism: undefined
windowData mechanism: 283
historyData mechanism: undefined
pngData mechanism: 283
etagData mechanism: 
cacheData mechanism: 283
lsoData mechanism: 283
slData mechanism: undefined

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: firefox 3.6.10+build1+nobinonly-0ubuntu0.10.04.1
ProcVersionSignature: Ubuntu 2.6.32-25.45-generic 2.6.32.21+drm33.7
Uname: Linux 2.6.32-25-generic x86_64
NonfreeKernelModules: wl
Architecture: amd64
Date: Wed Oct 20 01:50:17 2010
FirefoxPackages:
 firefox 3.6.10+build1+nobinonly-0ubuntu0.10.04.1
 firefox-gnome-support 3.6.10+build1+nobinonly-0ubuntu0.10.04.1
 firefox-branding 3.6.10+build1+nobinonly-0ubuntu0.10.04.1
 abroswer N/A
 abrowser-branding N/A
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Alpha amd64 (20100223.2)
ProcEnviron:
 PATH=(custom, user)
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: firefox

** Affects: firefox (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug lucid
-- 
Firefox can be tracked by evercookie even if configured to delete all contents 
when quit and dom storage disabled
https://bugs.edge.launchpad.net/bugs/663607
You received this bug notification because you are a member of Ubuntu Bugs, 
which is a direct subscriber.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 663607] [NEW] Firefox can be tracked by evercookie even if configured to delete all contents when quit and dom storage disabled

Reply via email to