Posted on 04/17/2006 5:58:28 AM PDT by antiRepublicrat
Something nobody thought of: Sure, Mozilla deletes various sensitive information at the click of a button, but where you've been browsing is hidden elsewhere in a useful feature. Here's the bug:
-------------------------------------
This privacy flaw has caused my fiancé and I to break-up after having dated for 5 years.
Basically, we share one computer but under separate Windows XP user accounts. We both use Mozilla Firefox -- well, he used to use it more than I do but now we don't really use it. The privacy flaw is this: when he went to log-in under his dating sites (jdate.com, swinglifestyle.com, adultfriendfinder.com, etc.), Mozilla promptly asks whether or not he'd like Firefox to save the passwords for him. He chose never, obviously. However, when he logged off his user account, and I logged onto my Windows XP account X amount of days later, I decided to use Firefox because hey -- it loaded everything much more efficiently, was better to work on with website designs and is a lot more stable than IE7beta2.
Firefox prompted whether or not I'd like it to save my password for logging into my website. I chose never and changed my mind. I went into the Password Manager to change the saved password option from Never to Always and that's when I saw all these other sites that had been selected as "Never Save Password." Of course, those were sites I had never visited or could ever dream of visiting.
Then I realized who, how and what... and sh*t hit the fan. Your browser does not efficiently respect the privacy of different users for one system.
Reproducible: Always
(Excerpt) Read more at bugzilla.mozilla.org ...
This caused me problems with very early versions of FF (actually Phoenix). In the early betas, things could break massively from one rev to another, and you'd actually have to go in and manually kill your existing profile or the program would die upon startup (or act squirrely in other ways).
Ah, well - I suppose FF actually did this lady a favor ;)
It got me into the habit of backing up my profile on a regular basis. My bookmarks.html file has transferred from the first copy of Netscape I ever ran. It would suck much if I lost them IMO.
You definitely painted a scenario which would produce the results she described and given the likelihood of the other theories tossed out your chain of events is most likely what happened (Occum's razor), and I'm sure a jury would buy it as well ;) I don't use FF so I don't know for sure how it works, I was describing applications in general. Creators of an app throwing a setting in HKLM instead of HKCU is fairly common.
You don't have to tell me - nothing is more aggravating than apps like that. It totally breaks security, but of course it works for the developers because they're always running as admins when they test the thing, and it never occurs to them to try it with lower privileges. Sigh. ;)
There are people who would probably sue Firefox on such grounds. All they need is the OJ jury to award them millions where even no sympathy is due.
What he should have done is created his own profile in Firefox. Not a lot of people are that savvy, but providing a way (e.g. cheat sheet, instructions, etc.) to do this would help dramatically.
I run my computer with 6 accounts on my computer (2 WinXP, 3 Linux, Linux root) All six have their own profiles.
End result--no problems.
What should be emphasized is for people to clear their profile when they uninstall--or perhaps ask the user whether they want to save their configuration somewhere (floppy, Desktop, USB stick, etc.) and then automatically delete the master profile.
LOL!
As usual, the resident troll has nothing to contribute to the thread.
Making fun of your endless bogus assertions has plenty of point, we wouldn't want others believing them as fact now would we?
The Troll still contributes nothing to the thread. Then again, we don't expect much of trolls.
Constantly correcting the "linux lies" makes me a troll? LOL!
By all means troll, could you please describe where on this thread you were 'Constantly correcting the "linux lies"'.
Otherwise, you've just told another lie.
Sound familiar? It should LOL.
Did you even read this thread before spouting your normal nonsense? Apparently not, although it probably wouldn't have mattered LOL.
It has nothing to contribute to the thread.
Senator Bedfellow worked things out in an amicable way. Too bad our troll is not a civilized human being.
He just doesn't know you as well as I do.
You are a waste of perfectly good air.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.