Firefox security risk? What's with this "Cache.Trash" folder?

  • Thread starter Thread starter john p.
  • Start date Start date
J

john p.

While poking around in my Docs and Settings, I noticed a folder in the
mozilla\firefox\profiles\default directory called "Cache.Trash". In
this folder there is another folder called "Trash", and in that folder
there is one called "Cache". Inside the last folder I found, much to
my surprise, all the items I had cleared from my internet cache. Now I
don't know about you, but when I tell a browser to clear the cache, I
expect it to CLEAR the cache, not just move it to another folder on my
hard drive. Especially when the command to do that is found under a
section named "Privacy" in the browser's options. Interestingly, if
you delete the Cache.Trash folder, the entire hierarchy is simply
recreated the next time you "clear" the cache. The only way to really
get rid of the files is to open your file manager and delete them
manually. I really like Firefox and had switched to it as my default
browser, but I consider this "feature" to be a serious enough breach
of privacy and security to cause me to re-think that decision. There
seems to me to be no good reason for the programmers to include this
behavior, and it unfortunately causes me to be (probably
unjustifiably) suspicious of their motives. If anyone knows a way to
permanently eliminate this Cache.Trash folder, I'd love to hear it.
BTW, I already tried setting the folder attributes to "read-only", and
the damned program simply created another one called "Trash-1".
 
While poking around in my Docs and Settings, I noticed a folder in the
mozilla\firefox\profiles\default directory called "Cache.Trash". In
this folder there is another folder called "Trash", and in that folder
there is one called "Cache". Inside the last folder I found, much to
my surprise, all the items I had cleared from my internet cache.
Click to expand...

Suggestion if you happen to use broadband and a fairly speedy PC. Set
cache size to zero. Works much better for me that way in any event,
since I don't need Refresh to see the latest version of the web page.
And I don't notice the lack of cache for faster page rendering hardly
at all.


Art
http://www.epix.net/~artnpeg
 
john p. wrote:

seems to me to be no good reason for the programmers to include this
behavior, and it unfortunately causes me to be (probably
unjustifiably) suspicious of their motives. If anyone knows a way to
permanently eliminate this Cache.Trash folder, I'd love to hear it.
Click to expand...

In some ways Firefox is more a religion (or a lest more "crusade") than
anything else--and I seriously doubt the team would "sin" by
purposefully leaving a security hole. (Not that it's impossible for
there to be one rogue developer).

Have you asked about this on Firefox's forums? You can fix a lot of
things by adding a line of text to the user.js file (that may not exist
yet if you haven't created it). Or you may just have it
configured/installed incorrectly.
seems to me to be no good reason for the programmers to include this
Click to expand...

LOL--like it or not, sometimes collaborative open source projects are
more expedient than elegant. This isn't a Mozilla policy and they
certainly aren't lazy--but politics in a company with a "dictatorship"
(or "benevolent dictatorship" if there can be such a thing) are actually
much simpler than in an organization like firefox. "Tedious to fix" and
"unimportant" can look a lot like the same thing when you can't order
everyone to work on it--or threaten to replace them if they don't.

I suspect this bug (assuming that is what it is) is a leftover from that
original killer app--Netscape Navigator. And (if it is a bug) I'll bet
they've known about it and discussed it on bugzilla for a long time.

Brian
 
john p. wrote:

seems to me to be no good reason for the programmers to include this
behavior, and it unfortunately causes me to be (probably
unjustifiably) suspicious of their motives. If anyone knows a way to
permanently eliminate this Cache.Trash folder, I'd love to hear it.
Click to expand...


In some ways Firefox is as much a religion (or a lest as much "crusade")
as anything else--and I seriously doubt the team would "sin" by
purposefully leaving a security hole. (Not that it's impossible for
there to be one rogue developer).

Have you asked about this on Firefox's forums? You can fix a lot of
things by adding a line of text to the user.js file (that may not exist
yet if you haven't created it). Or you may just have it
configured/installed incorrectly.
seems to me to be no good reason for the programmers to include this
Click to expand...

LOL--like it or not, sometimes programming (and on collaborative open
source projects in particular) is more expedient than elegant. This
isn't a Mozilla policy and they certainly aren't lazy--but politics in a
company with a "dictatorship" (or "benevolent dictatorship" if there can
be such a thing) are actually much simpler than in an organization like
firefox. "Tedious to fix" and "unimportant" can look a lot like the
same thing when you can't order everyone to work on it--or threaten to
replace them if they don't.

I suspect this bug (assuming that is what it is) is a leftover from that
original killer app--Netscape Navigator. And (if it is a bug) I'll bet
they've known about it and discussed it on bugzilla for a long time.

Brian
 
john p. said:
Thanks, good suggestion, but it still bothers me that Firefox doesn't
properly clear the cache.
Click to expand...

Running firefox from a ram drive could be a solution.
 
While poking around in my Docs and Settings, I noticed a
folder in the mozilla\firefox\profiles\default directory
called "Cache.Trash". In this folder there is another
folder called "Trash", and in that folder there is one
called "Cache". Inside the last folder I found, much to my
surprise, all the items I had cleared from my internet
cache. Now I don't know about you, but when I tell a
browser to clear the cache, I expect it to CLEAR the cache,
not just move it to another folder on my hard drive.
Especially when the command to do that is found under a
section named "Privacy" in the browser's options.
Interestingly, if you delete the Cache.Trash folder, the
entire hierarchy is simply recreated the next time you
"clear" the cache. The only way to really get rid of the
files is to open your file manager and delete them
manually.
Click to expand...


I just went into mine and found my Cache.Trash folder
completely empty. I don't know what is going on here, but I
think I must be doing something right, using 0.93 with XP
here.



--
RL
Unofficial Adaware Updater (+other goodies)
http://home.earthlink.net/~ringomei/page2.html
********************************
Pricelessware:
http://www.pricelessware.org,
http://www.pricelesswarehome.org,
 
john said:
While poking around in my Docs and Settings, I noticed a folder in the
mozilla\firefox\profiles\default directory called "Cache.Trash". In
this folder there is another folder called "Trash", and in that folder
there is one called "Cache". Inside the last folder I found, much to
my surprise, all the items I had cleared from my internet cache. Now I
don't know about you, but when I tell a browser to clear the cache, I
expect it to CLEAR the cache, not just move it to another folder on my
hard drive.
Click to expand...

I've noticed this exact same activity in Moz. However, I totally
deleted the Cache.Trash folder and as you said it came back. Since
then though, it's not had anything in it. Might be because of that
master batch file I made that calls several others which deltree,
delete, backup and copy various files and folders.
Especially when the command to do that is found under a
section named "Privacy" in the browser's options. Interestingly, if
you delete the Cache.Trash folder, the entire hierarchy is simply
recreated the next time you "clear" the cache. The only way to really
get rid of the files is to open your file manager and delete them
manually. I really like Firefox and had switched to it as my default
browser, but I consider this "feature" to be a serious enough breach
of privacy and security to cause me to re-think that decision. There
seems to me to be no good reason for the programmers to include this
behavior, and it unfortunately causes me to be (probably
unjustifiably) suspicious of their motives. If anyone knows a way to
permanently eliminate this Cache.Trash folder, I'd love to hear it.
BTW, I already tried setting the folder attributes to "read-only", and
the damned program simply created another one called "Trash-1".
Click to expand...

I'd just make a shortcut to your profile folder on your desktop and
keep an eye on it.

But I agree, I really don't like this crap either and totally don't
see the need for it.
 
I've noticed this exact same activity in Moz. However, I
totally deleted the Cache.Trash folder and as you said it
came back. Since then though, it's not had anything in it.
Might be because of that master batch file I made that
calls several others which deltree, delete, backup and copy
various files and folders
Click to expand...


Mine one is empty, I never didn't anything to it....wondering
why....


--
RL
Unofficial Adaware Updater (+other goodies)
http://home.earthlink.net/~ringomei/page2.html
********************************
Pricelessware:
http://www.pricelessware.org,
http://www.pricelesswarehome.org,
 
I've noticed this exact same activity in Moz. However, I totally
deleted the Cache.Trash folder and as you said it came back. Since
then though, it's not had anything in it. Might be because of that
master batch file I made that calls several others which deltree,
delete, backup and copy various files and folders.
Click to expand...

Something else to add to my bat cleaners, then.
 
On 8/9/2004 3:18 PM, R. L. wrote:

[...]
I just went into mine and found my Cache.Trash folder
completely empty. I don't know what is going on here, but I
think I must be doing something right, using 0.93 with XP
here.
Click to expand...

Mine is also empty.
 
While poking around in my Docs and Settings, I noticed a folder in the
mozilla\firefox\profiles\default directory called "Cache.Trash". In
this folder there is another folder called "Trash", and in that folder
there is one called "Cache". Inside the last folder I found, much to
my surprise, all the items I had cleared from my internet cache. Now I
don't know about you, but when I tell a browser to clear the cache, I
expect it to CLEAR the cache, not just move it to another folder on my
hard drive. Especially when the command to do that is found under a
section named "Privacy" in the browser's options. Interestingly, if
you delete the Cache.Trash folder, the entire hierarchy is simply
recreated the next time you "clear" the cache. The only way to really
get rid of the files is to open your file manager and delete them
manually. I really like Firefox and had switched to it as my default
browser, but I consider this "feature" to be a serious enough breach
of privacy and security to cause me to re-think that decision. There
seems to me to be no good reason for the programmers to include this
behavior, and it unfortunately causes me to be (probably
unjustifiably) suspicious of their motives. If anyone knows a way to
permanently eliminate this Cache.Trash folder, I'd love to hear it.
BTW, I already tried setting the folder attributes to "read-only", and
the damned program simply created another one called "Trash-1".
Click to expand...

There is an extension, xKiosk, that can be installed in Firefox that
let's you take care of this privacy issue and a few others:

http://extensionroom.mozdev.org/more-info/xkiosk




--
Dennis Roark

(e-mail address removed)
Starting Points:
http://sio.midco.net/denro/www
 
Back
Top