Security Bug Indexed DB

[Paleist]

Indexed DB doesn't get cleared creating a security leak perfect for tracking Firefox users. Does this also apply to Pale Moon?

https://superuser.com/questions/1250944/how-can-this-website-reidentify-me-even-after-deleting-all-of-my-browsers-histo

[JustOff]

This does not seem to me a bug, just use about:permissions -> "Forget About This Site" as suggested on the link above.

[Moonchild]

Clearing history doesn't mean cookies, storage or other things are deleted. If you think this is the case then you need to read up on things

[Paleist]

Clearing history doesn't mean cookies, storage or other things are deleted. If you think this is the case then you need to read up on things

Did you read what I linked?
That guy did the following:

Delete all my browsers history which includes cache, cookies, website settings, download history, search history, browser history and active logins. Basically everything that can be deleted through the Firefox menu.

This should include Offline Website Data and Site Preferences, there are checkboxes for that.

This does not seem to me a bug, just use about:permissions -> "Forget About This Site" as suggested on the link above.

Doing this for every site is possible but a tedious task. Regarding bugs the following seems seriously buggy:

Even worse, neither the greyed-out "Use Default: Always Ask" in the above screen capture, nor enabling "Tell you when a website asks to store data for offline use" in settings, Advanced, Network, have any effect to avoid storage

[mseliger]

Definitiv a bug and this bug exists since 8 years.
Here you find some information in german about the bug:
https://www.heise.de/newsticker/meldung ... 35084.html

[JoeyG]

Although I found one in my Firefox profile, I wasn't able to find an IndexedDB folder anywhere in Pale Moon, either in the program folder or my profile.

Are we perhaps talking about the files in the "cache2\entries" folder in the Pale Moon program folder? In my case, it contains 1,252 files and takes up about 38mb.

If not, where is the Pale Moon IndexedDB folder, please?

And - just out of interest - what happens if I delete all the data in the "cache2\entries" folder? I temporarily dumped all the files into my Recycle Bin, but a brief check didn't reveal any obvious problems in using Pale Moon.

Thank you.

P.S. I just came across this relevant Forum entry: viewtopic.php?t=16475

P.P.S. Sorry to drag this out, but I just looked in this folder: C:\Users\Joe\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\z94f3nou.default\storage\default
It's empty, although I've been using Pale Moon all day. Is this the way it's supposed to be, and if it's not, what am I doing wrong (or maybe right)? Thanks.

[adesh]

what happens if I delete all the data in the "cache2\entries" folder?

Off-topic:
Nothing harmful, only a slight slowdown in loading of webpages which were cached earlier. No effect if you have sufficiently fast internet connection!

It's empty, although I've been using Pale Moon all day. Is this the way it's supposed to be, and if it's not, what am I doing wrong (or maybe right)?

Off-topic:
Again, nothing to worry. It means that the websites you visit do not use indexedDB (most do not), or you have it disabled.

[JoeyG]

@ adesh

Thank you very much.

[dark_moon]

And here the news from gHacks: https://www.ghacks.net/2017/09/20/firef ... rspective/

[JustOff]

This does not seem to me a bug, just use about:permissions -> "Forget About This Site" as suggested on the link above.

Doing this for every site is possible but a tedious task.

This could be easily automated via add-on, but do we really need it?

[JustOff]

This could be easily automated via add-on, but do we really need it?

See viewtopic.php?p=122301#p122301.

[Moonchild]

The unstable version of today adds deletion of indexeddb data when clearing "offline website data". Considering this is a hot topic, I'd like someone here to verify that this works as-is, and if so, I'll uplift it as a final addition to the pending release. Because of release engineering, I'd need to have a yes or no come tomorrow (the 22nd). It's been tested by Justoff locally, but independent verification would be needed to warrant the uplift.

[Paleist]

Mozilla incubates this bug 8 years, you solve it in less than 8 days. Great.

[Moonchild]

Mozilla incubates this bug 8 years, you solve it in less than 8 days. Great.

Regardless of the misnomer in the title (it's not a security bug), this privacy issue should indeed have been on Mozilla's agenda a lot sooner if they are truly "putting your privacy first" as is bleated from the highest windows of their offices world-wide.

As an aside, this will be in 27.5.0 -- it's been confirmed working as-intended on trunk and uplifted, so you can enjoy IndexedDB cleanup when removing Offline Website Data from that version on.