Skip to main content

Research Repository

Advanced Search

An assessment of data leakage in Firefox under different conditions.

Findlay, Calum; Leimich, Petra


Calum Findlay


Data leakage is a serious issue and can result in the loss of sensitive data,
compromising user accounts and details, potentially affecting millions of internet
users. This paper contributes to research in online security and reducing personal
footprint by evaluating the levels of privacy provided by the Firefox browser. The
aim of identifying conditions that would minimize data leakage and maximize data
privacy is addressed by assessing and comparing data leakage in the four possible
browsing modes: normal and private modes using a browser installed on the host
PC or using a portable browser from a connected USB device respectively. To
provide a firm foundation for analysis, a series of carefully designed, pre-planned
browsing sessions were repeated in each of the various modes of Firefox. This
included low RAM environments to determine any effects low RAM may have on
browser data leakage.
The results show that considerable data leakage may occur within Firefox. In
normal mode, all of the browsing information is stored within the Mozilla profile
folder in Firefox-specific SQLite databases and sessionstore.js. While passwords
were not stored as plain text, other confidential information such as credit card
numbers could be recovered from the Form history under certain conditions. There
is no difference when using a portable browser in normal mode, except that the
Mozilla profile folder is located on the USB device rather than the host's hard disk.
By comparison, private browsing reduces data leakage. Our findings confirm that
no information is written to the Firefox-related locations on the hard disk or USB
device during private browsing, implying that no deletion would be necessary and no remnants of data would be forensically recoverable from unallocated space.
However, two aspects of data leakage occurred equally in all four browsing modes.
Firstly, all of the browsing history was stored in the live RAM and was therefore
accessible while the browser remained open. Secondly, in low RAM situations, the
operating system caches out RAM to pagefile.sys on the host's hard disk.
Irrespective of the browsing mode used, this may include Firefox history elements
which can then remain forensically recoverable for considerable time.

Presentation Conference Type Conference Paper (unpublished)
Conference Name CFET 2014: 7th International Conference on Cybercrime Forensics Education & Training
Start Date Jul 10, 2014
End Date Jul 11, 2014
Acceptance Date May 8, 2014
Publication Date Jul 10, 2014
Deposit Date Jun 8, 2016
Peer Reviewed Peer Reviewed
ISBN 97801909067158
Keywords Data leakage; Firefox; private browsing; portable browsing;
privacy; RAM; pagefile.sys; SQLite; sessionstore;
Public URL