Edinburgh Napier University

  Data leakage is a serious issue and can result in the loss of sensitive data,
compromising user accounts and details, potentially affecting millions of internet
users. This paper contributes to research in online security and reducing personal
footprint by evaluating the levels of privacy provided by the Firefox browser. The
aim of identifying conditions that would minimize data leakage and maximize data
privacy is addressed by assessing and comparing data leakage in the four possible
browsing modes: normal and private modes using a browser installed on the host
PC or using a portable browser from a connected USB device respectively. To
provide a firm foundation for analysis, a series of carefully designed, pre-planned
browsing sessions were repeated in each of the various modes of Firefox. This
included low RAM environments to determine any effects low RAM may have on
browser data leakage.
The results show that considerable data leakage may occur within Firefox. In
normal mode, all of the browsing information is stored within the Mozilla profile
folder in Firefox-specific SQLite databases and sessionstore.js. While passwords
were not stored as plain text, other confidential information such as credit card
numbers could be recovered from the Form history under certain conditions. There
is no difference when using a portable browser in normal mode, except that the
Mozilla profile folder is located on the USB device rather than the host's hard disk.
By comparison, private browsing reduces data leakage. Our findings confirm that
no information is written to the Firefox-related locations on the hard disk or USB
device during private browsing, implying that no deletion would be necessary and no remnants of data would be forensically recoverable from unallocated space.
However, two aspects of data leakage occurred equally in all four browsing modes.
Firstly, all of the browsing history was stored in the live RAM and was therefore
accessible while the browser remained open. Secondly, in low RAM situations, the
operating system caches out RAM to pagefile.sys on the host's hard disk.
Irrespective of the browsing mode used, this may include Firefox history elements
which can then remain forensically recoverable for considerable time.