How is "Site Data" entirely disabled ? (No site data allowed). The Firefox 57 documentation regarding "Site Data" is entirely incorrect.
How is "Site Data" entirely disabled ? (No site data allowed).
The Firefox 57 documentation regarding "Site Data" is incorrect. For example, at this link https://support.mozilla.org/en-US/kb/permission-store-data?as=u&utm_source=inproduct the documentation claims Firefox 'will ask' if a website can store data - but this never occurs. It never asks, and stores any amount of data.
Various combinatons of *storage* variable settings, *cache* variable settings have been tried, all to no avail. No matter what is set, Firefox 57 allows unfettered data to be written to the disk. "Disabling" storage management merely disables the GUI entry in Preferences, but not the actual writing of "Site Data".
Sites are now dumping quasi-executable code into these 'Site Data' locations. This amounts to unauthorized software installation on machines. Mozilla Firefox is allowing unauthorized application installation on user's machines.
How is so-called "Site Data" entirely disabled, so that no "Site Data" is written to user's machines ?
Wszystkie odpowiedzi (9)
uninstall Firefox. Then Delete the Mozilla Firefox Folders in C:\Program Files and C:\Program Files(x86) Then restart system. Then run Windows Disk Cleanup. Then run it again and click the button that says Cleanup System Files. Note: your Firefox Profile is saved. But you should make a back up before you do : https://support.mozilla.org/en-US/kb/back-and-restore-information-firefox-profiles
Reinstall with Current Release Firefox 57.0 with a Full Version Installer https://www.mozilla.org/firefox/all/
Please let us know if this solved your issue or if need further assistance.
3.2920 said
Sites are now dumping quasi-executable code into these 'Site Data' locations. This amounts to unauthorized software installation on machines. Mozilla Firefox is allowing unauthorized application installation on user's machines.
Could you give a link to a reference that explain the background for this concern?
Traditionally, localStorage and sessionStorage are like a vast cookie jar that accepts key:value pairs. I actually didn't know about files being stored in DOM storage. I wonder if that is more connected to HTML5 web apps that want to be able to run offline?
What preferences did you experiment with? Access to DOM storage is gated by the site's cookie permission, and is limited by the default quota. It can be disabled using a preference but some legitimate sites may break. There are separate preferences for offline storage.
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.
(2) In the search box above the list, type or paste dom.s and pause while the list is filtered
(3) Double-click the dom.storage.default_quota preference and enter the desired value in kilobytes (default of 5120 is 5 MB).
(4) To totally disable DOM storage: Double-click the dom.storage.enabled preference to switch the value from true to false
(5) In the search box above the list, type or paste OFFL and pause while the list is filtered
(6) Double-click the offline-apps.quota.warn preference and enter the desired value -- this may be buggy
(7) To require preapproval for offline storage: Double-click the offline-apps.allow_by_default preferences to switch the value from true to false
Pkshadow said
uninstall Firefox. Then Delete the Mozilla Firefox Folders in C:\Program Files and C:\Program Files(x86) Then restart system. Then run Windows Disk Cleanup. Then run it again and click the button that says Cleanup System Files. Note: your Firefox Profile is saved. But you should make a back up before you do : https://support.mozilla.org/en-US/kb/back-and-restore-information-firefox-profiles Reinstall with Current Release Firefox 57.0 with a Full Version Installer https://www.mozilla.org/firefox/all/ Please let us know if this solved your issue or if need further assistance.
My apologies, the system is OS x 10.10.
jscher2000 said
3.2920 said (3) Double-click the dom.storage.default_quota preference and enter the desired value in kilobytes (default of 5120 is 5 MB). (4) To totally disable DOM storage: Double-click the dom.storage.enabled preference to switch the value from true to false (5) In the search box above the list, type or paste OFFL and pause while the list is filtered (6) Double-click the offline-apps.quota.warn preference and enter the desired value -- this may be buggy (7) To require preapproval for offline storage: Double-click the offline-apps.allow_by_default preferences to switch the value from true to false
thx for the suggestions...
- 3 - tried this, did not prevent data. value set to 1, then 0
- 4 - tried this several times. this prevents the "site data" gui from showing in the Preferences->Privacy section, but data gets written anyway. the setting only prevents being the user from knowing about the data, which is probably not the intent.
- 6 - tried this. no warnings given at all, no matter what the value.
- 7 - tried this. does not work, regardless of setting the browser allows any amount of data be written, by any site, with no warning and no opportunity to reject.
Hi 3.2920, two follow-ups:
(1) Where is the data written?
(2) Are you using regular windows or private windows for your testing?
jscher2000 said
Hi 3.2920, two follow-ups: (1) Where is the data written? (2) Are you using regular windows or private windows for your testing?
(1) /Users/xxxx/Library/Application Support/Firefox/Profiles/4xxxxxx.default/storage/
(website specific directories here...)
(2) Regular Firefox windows, no private windows.
(3) Mac OSx 10.1010
It's hard to tell what this data is.
I looked at [profile folder]\storage\default\https+++twitter.com\idb
(The idb folder is for IndexedDB data. If you disable IndexedDB in about:config by toggling dom.indexedDB.enabled, some extensions will break.)
05/14/2015 05:00 PM <DIR> 437107801ddma_ethyape.files
10/25/2015 07:37 PM <DIR> 4105791907cyalrndos__tkxeertn_e.files
02/18/2016 05:08 PM <DIR> 4185313131nsortoisfriucca_tnio.files
02/29/2016 11:56 AM <DIR> 1887877902cyalrndos__tkxeertn_e.files
02/29/2016 11:56 AM 49,152 1887877902cyalrndos__tkxeertn_e.sqlite
05/13/2016 06:05 PM 49,152 4185313131nsortoisfriucca_tnio.sqlite
11/07/2016 03:53 PM <DIR> 4110441544cyalrndos__tkxeertn_e.files
03/21/2017 03:09 PM 49,152 4105791907cyalrndos__tkxeertn_e.sqlite
06/26/2017 12:00 PM <DIR> 4022073352it.files
06/26/2017 12:00 PM 49,152 4022073352it.sqlite
08/23/2017 02:54 PM 49,152 4110441544cyalrndos__tkxeertn_e.sqlite
10/09/2017 05:57 PM 49,152 437107801ddma_ethyape.sqlite
I don't use Twitter that often. The folders (<DIR>) are empty; the databases have some structure but seemingly no recognizable data.
I wonder whether the data gets emptied out when I close Firefox, leaving empty shells? (I have my Twitter cookie permission set to session only.)
I deleted the whole folder and visited Twitter. The Storage panel of Developer Tools showed Local Storage data. On disk, there is a caches folder and a couple of metadata files. I can't tell where the Local Storage data is, or whether it is in this folder.
The idb folder was not reestablished on first visit. It might be created if I were to log in.
Maybe someone else can figure out what's in there, if anything.
At this point, have tried all suggestions from jscher2000 and Pkshadow, including complete de-install and removal of all previous Firefox user directories. After scratch re-install the issue is still asserting.
There seems to be no method of preventing unfettered "Site Data" from being written and accumulated.
Another pathology was seen late today. In addition to "Site Data" from a visited site (www.etcblahblah.com), an apparent third-party non-visited website "Site Data" folder is written in some cases. This seems analogous to "third party cookies".
This issue does seem like a fairly obvious security hole. No idea how to submit a bug ticket to Mozilla.
Will use Safari and wait for next bug release.
3.2920 said
This issue does seem like a fairly obvious security hole. No idea how to submit a bug ticket to Mozilla.
See https://bugzilla.mozilla.org/ and https://developer.mozilla.org/en-US/docs/Mozilla/QA/Bug_writing_guidelines
3.2920 said
The Firefox 57 documentation regarding "Site Data" is incorrect.
See this reopened bug report: Bug 1313602 - Need "Learn More" page for persistent storage permission
Please observe Bugzilla Etiquette before commenting in bug reports.