Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2008-63

User tracking via XUL persist attribute

Announced
December 16, 2008
Reporter
Hish
Impact
Low
Products
Firefox
Fixed in
  • Firefox 3.0.5

Description

Security researcher Hish reported that the persist attribute in XUL elements can be used to store cookie-like information on a user's computer which could later be read by a website. This creates a privacy issue for users who have a non-standard cookie preference and wish to prevent sites from setting cookies on their machine. Even with cookies turned off, this issue could be used by a website to write persistent data in a user's browser and track the user across browsing sessions. Additionally, this issue could allow a website to bypass the limits normally placed on cookie size and number.

References