Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Funkcjonalność tej witryny będzie ograniczona w czasie konserwacji. Jeśli artykuł nie rozwiązuje twojego problemu i chcesz zadać pytanie, to nasza społeczność wsparcia jest dostępna na @FirefoxSupport na Twitterze i /r/firefox na Reddicie.

Przeszukaj pomoc

Unikaj oszustw związanych z pomocą.Nigdy nie będziemy prosić Cię o dzwonienie na numer telefonu, wysyłanie SMS-ów ani o udostępnianie danych osobowych. Zgłoś podejrzaną aktywność, korzystając z opcji „Zgłoś nadużycie”.

Więcej informacji

How is "Site Data" entirely disabled ? (No site data allowed). The Firefox 57 documentation regarding "Site Data" is entirely incorrect.

  • 9 odpowiedzi
  • 3 osoby mają ten problem
  • 4 wyświetlenia
  • Ostatnia odpowiedź od AliceWyman

more options

How is "Site Data" entirely disabled ? (No site data allowed).

The Firefox 57 documentation regarding "Site Data" is incorrect. For example, at this link https://support.mozilla.org/en-US/kb/permission-store-data?as=u&utm_source=inproduct the documentation claims Firefox 'will ask' if a website can store data - but this never occurs. It never asks, and stores any amount of data.

Various combinatons of *storage* variable settings, *cache* variable settings have been tried, all to no avail. No matter what is set, Firefox 57 allows unfettered data to be written to the disk. "Disabling" storage management merely disables the GUI entry in Preferences, but not the actual writing of "Site Data".

Sites are now dumping quasi-executable code into these 'Site Data' locations. This amounts to unauthorized software installation on machines. Mozilla Firefox is allowing unauthorized application installation on user's machines.

How is so-called "Site Data" entirely disabled, so that no "Site Data" is written to user's machines ?

How is "Site Data" entirely disabled ? (No site data allowed). The Firefox 57 documentation regarding "Site Data" is incorrect. For example, at this link https://support.mozilla.org/en-US/kb/permission-store-data?as=u&utm_source=inproduct the documentation claims Firefox 'will ask' if a website can store data - but this never occurs. It never asks, and stores any amount of data. Various combinatons of *storage* variable settings, *cache* variable settings have been tried, all to no avail. No matter what is set, Firefox 57 allows unfettered data to be written to the disk. "Disabling" storage management merely disables the GUI entry in Preferences, but not the actual writing of "Site Data". Sites are now dumping quasi-executable code into these 'Site Data' locations. This amounts to unauthorized software installation on machines. Mozilla Firefox is allowing unauthorized application installation on user's machines. How is so-called "Site Data" entirely disabled, so that no "Site Data" is written to user's machines ?

Wszystkie odpowiedzi (9)

more options

uninstall Firefox. Then Delete the Mozilla Firefox Folders in C:\Program Files and C:\Program Files(x86) Then restart system. Then run Windows Disk Cleanup. Then run it again and click the button that says Cleanup System Files. Note: your Firefox Profile is saved. But you should make a back up before you do : https://support.mozilla.org/en-US/kb/back-and-restore-information-firefox-profiles

Reinstall with Current Release Firefox 57.0 with a Full Version Installer https://www.mozilla.org/firefox/all/

Please let us know if this solved your issue or if need further assistance.

more options

3.2920 said

Sites are now dumping quasi-executable code into these 'Site Data' locations. This amounts to unauthorized software installation on machines. Mozilla Firefox is allowing unauthorized application installation on user's machines.

Could you give a link to a reference that explain the background for this concern?

Traditionally, localStorage and sessionStorage are like a vast cookie jar that accepts key:value pairs. I actually didn't know about files being stored in DOM storage. I wonder if that is more connected to HTML5 web apps that want to be able to run offline?

What preferences did you experiment with? Access to DOM storage is gated by the site's cookie permission, and is limited by the default quota. It can be disabled using a preference but some legitimate sites may break. There are separate preferences for offline storage.

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste dom.s and pause while the list is filtered

(3) Double-click the dom.storage.default_quota preference and enter the desired value in kilobytes (default of 5120 is 5 MB).

(4) To totally disable DOM storage: Double-click the dom.storage.enabled preference to switch the value from true to false

(5) In the search box above the list, type or paste OFFL and pause while the list is filtered

(6) Double-click the offline-apps.quota.warn preference and enter the desired value -- this may be buggy

(7) To require preapproval for offline storage: Double-click the offline-apps.allow_by_default preferences to switch the value from true to false

more options

Pkshadow said

uninstall Firefox. Then Delete the Mozilla Firefox Folders in C:\Program Files and C:\Program Files(x86) Then restart system. Then run Windows Disk Cleanup. Then run it again and click the button that says Cleanup System Files. Note: your Firefox Profile is saved. But you should make a back up before you do : https://support.mozilla.org/en-US/kb/back-and-restore-information-firefox-profiles Reinstall with Current Release Firefox 57.0 with a Full Version Installer https://www.mozilla.org/firefox/all/ Please let us know if this solved your issue or if need further assistance.

My apologies, the system is OS x 10.10.

more options

jscher2000 said

3.2920 said (3) Double-click the dom.storage.default_quota preference and enter the desired value in kilobytes (default of 5120 is 5 MB). (4) To totally disable DOM storage: Double-click the dom.storage.enabled preference to switch the value from true to false (5) In the search box above the list, type or paste OFFL and pause while the list is filtered (6) Double-click the offline-apps.quota.warn preference and enter the desired value -- this may be buggy (7) To require preapproval for offline storage: Double-click the offline-apps.allow_by_default preferences to switch the value from true to false

thx for the suggestions...

  1. 3 - tried this, did not prevent data. value set to 1, then 0
  2. 4 - tried this several times. this prevents the "site data" gui from showing in the Preferences->Privacy section, but data gets written anyway. the setting only prevents being the user from knowing about the data, which is probably not the intent.
  3. 6 - tried this. no warnings given at all, no matter what the value.
  4. 7 - tried this. does not work, regardless of setting the browser allows any amount of data be written, by any site, with no warning and no opportunity to reject.
more options

Hi 3.2920, two follow-ups:

(1) Where is the data written?

(2) Are you using regular windows or private windows for your testing?

more options

jscher2000 said

Hi 3.2920, two follow-ups: (1) Where is the data written? (2) Are you using regular windows or private windows for your testing?

(1) /Users/xxxx/Library/Application Support/Firefox/Profiles/4xxxxxx.default/storage/

(website specific directories here...)

(2) Regular Firefox windows, no private windows.

(3) Mac OSx 10.1010

more options

It's hard to tell what this data is.

I looked at [profile folder]\storage\default\https+++twitter.com\idb

(The idb folder is for IndexedDB data. If you disable IndexedDB in about:config by toggling dom.indexedDB.enabled, some extensions will break.)

05/14/2015 05:00 PM <DIR> 437107801ddma_ethyape.files 10/25/2015 07:37 PM <DIR> 4105791907cyalrndos__tkxeertn_e.files 02/18/2016 05:08 PM <DIR> 4185313131nsortoisfriucca_tnio.files 02/29/2016 11:56 AM <DIR> 1887877902cyalrndos__tkxeertn_e.files 02/29/2016 11:56 AM 49,152 1887877902cyalrndos__tkxeertn_e.sqlite 05/13/2016 06:05 PM 49,152 4185313131nsortoisfriucca_tnio.sqlite 11/07/2016 03:53 PM <DIR> 4110441544cyalrndos__tkxeertn_e.files 03/21/2017 03:09 PM 49,152 4105791907cyalrndos__tkxeertn_e.sqlite 06/26/2017 12:00 PM <DIR> 4022073352it.files 06/26/2017 12:00 PM 49,152 4022073352it.sqlite 08/23/2017 02:54 PM 49,152 4110441544cyalrndos__tkxeertn_e.sqlite 10/09/2017 05:57 PM 49,152 437107801ddma_ethyape.sqlite

I don't use Twitter that often. The folders (<DIR>) are empty; the databases have some structure but seemingly no recognizable data.

I wonder whether the data gets emptied out when I close Firefox, leaving empty shells? (I have my Twitter cookie permission set to session only.)

I deleted the whole folder and visited Twitter. The Storage panel of Developer Tools showed Local Storage data. On disk, there is a caches folder and a couple of metadata files. I can't tell where the Local Storage data is, or whether it is in this folder.

The idb folder was not reestablished on first visit. It might be created if I were to log in.

Maybe someone else can figure out what's in there, if anything.

more options

At this point, have tried all suggestions from jscher2000 and Pkshadow, including complete de-install and removal of all previous Firefox user directories. After scratch re-install the issue is still asserting.

There seems to be no method of preventing unfettered "Site Data" from being written and accumulated.

Another pathology was seen late today. In addition to "Site Data" from a visited site (www.etcblahblah.com), an apparent third-party non-visited website "Site Data" folder is written in some cases. This seems analogous to "third party cookies".

This issue does seem like a fairly obvious security hole. No idea how to submit a bug ticket to Mozilla.

Will use Safari and wait for next bug release.

more options

3.2920 said

This issue does seem like a fairly obvious security hole. No idea how to submit a bug ticket to Mozilla.

See https://bugzilla.mozilla.org/ and https://developer.mozilla.org/en-US/docs/Mozilla/QA/Bug_writing_guidelines

3.2920 said

The Firefox 57 documentation regarding "Site Data" is incorrect.

See this reopened bug report: Bug 1313602 - Need "Learn More" page for persistent storage permission

Please observe Bugzilla Etiquette before commenting in bug reports.