Thousands of Firefox users see data compromised in unusual circumstances

Thousands of Firefox cookie databases which contain sensitive data that could potentially be used to hijack authenticated sessions are currently available on request from GitHub repositories.

As reported by The Register and first spotted by security engineer Aidan Marlin, these cookies.sqlite databases are used to store cookies between browsing sessions and are normally found in a user's Firefox profiles folder. However, by searching GitHub using specific query parameters known as a search “dork”, they can be found online.

Marlin reached out to the news outlet after he first tried reporting his findings to GitHub through HackerOne. However, a GitHub representative informed Marlin that “credentials exposed by our users are not in scope for our Bug Bounty program”. He then asked GitHub if he could make his findings public and provided further details on the matter to The Register in an email, saying:

"I'm frustrated that GitHub isn't taking its users' security and privacy seriously. The least it could do is prevent results coming up for this GitHub dork. If the individuals who uploaded these cookie databases were made aware of what they'd done, they'd s*** their pants." 

The affected users accidentally uploaded their own cookies.sqlite database when committing code and pushing it to their public repositories on GitHub. However, since this dork turns up almost 4.5k results, Marlin believes GitHub should be doing more and he has also alerted the UK Information Commissioner's Office that users' personal information is in jeopardy.

Marlin believes that users accidentally uploaded their cookies.sqlite databases by committing code from their own Linux home directory. The individuals involved most likely don't even realize that they put their cookie databases online for anyone to find.

The security of the affected users is also at risk, as an attacker could download their cookie databases and put them in a folder belonging to a newly created Firefox profile on their local machine. According to Marlin, this would allow the attacker to be authenticated on any services the users were logged in to when they committed their databases.

In an email to The Register, a Mozilla spokesperson confirmed Marlin's theory and explained that developers should use Firefox Sync when using code hosting services like GitHub, saying:

"Protecting the privacy of internet users is at the core of Mozilla’s work. When using code hosting services, we encourage users to use caution when considering the sharing of private data directly on public websites. When choosing to backup sensitive Firefox profile data, Mozilla recommends Firefox Sync, which encrypts and safely stores files within Firefox servers." 
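Given how these databases reached GitHub, a developer can check a working tree before pushing. The following is an added example, not code from the original article, Mozilla or GitHub: it flags any SQLite file that contains Firefox's `moz_cookies` table, whatever the file is named. `build_sample` and its reduced schema are constructed for the demonstration.

```python
import os
import sqlite3
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite 3 file

def cookie_rows(path):
    """Row count of moz_cookies if path is a Firefox cookie store, else None."""
    try:
        with open(path, "rb") as fh:
            if fh.read(16) != SQLITE_MAGIC:
                return None
        uri = Path(path).resolve().as_uri() + "?mode=ro"  # read-only open
        con = sqlite3.connect(uri, uri=True)
    except (OSError, sqlite3.Error):
        return None
    try:
        return con.execute("SELECT COUNT(*) FROM moz_cookies").fetchone()[0]
    except sqlite3.Error:  # corrupt file, or SQLite without a moz_cookies table
        return None
    finally:
        con.close()

def scan(root):
    """Sorted (relative path, cookie count) for every cookie store under root."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip git internals
        for name in filenames:
            path = os.path.join(dirpath, name)
            rows = cookie_rows(path)
            if rows is not None:
                found.append((os.path.relpath(path, root), rows))
    return sorted(found)

def build_sample(root):
    """Constructed sample tree; the moz_cookies schema is reduced for the demo."""
    profile = Path(root, ".mozilla", "firefox", "example.default")
    profile.mkdir(parents=True)
    for db, table in ((profile / "cookies.sqlite", "moz_cookies"),
                      (Path(root, "backup.db"), "moz_cookies"),  # renamed copy
                      (Path(root, "app.db"), "users")):          # unrelated DB
        con = sqlite3.connect(db)
        con.execute(f"CREATE TABLE {table} (id INTEGER PRIMARY KEY, name, value)")
        con.execute(f"INSERT INTO {table} (name, value) VALUES ('sid', 'constructed')")
        con.commit()
        con.close()
```

Calling `scan(".")` at the root of a checkout lists every cookie store in the working tree. It does not inspect history, so a database that was already committed stays in the repository until the history is rewritten.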

Via The Register



from TechRadar - All the latest technology news https://ift.tt/3nzEBjc
via IFTTT
