Privacy/Dashboard

From MozillaWiki
Jump to: navigation, search


Inbox (flagged for us):

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);


Tasks (assigned to us):

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);



keyword privacy:

Full Query
ID Summary Priority Status
15320 Forms/Necko: Temp file (formpost) left after file upload P1 VERIFIED
16499 Work around sendmail bug which reveals bcc recipients when all recipients are bcc P3 VERIFIED
17661 Preference for "Ask before sending e-mail address as FTP password" P4 RESOLVED
24418 [meta] Allow user to turn on and off rendering of video/audio (disable sound) -- NEW
28327 No server hits at HTML mailnews reading - privacy (disable remote content/web-bugs) P3 RESOLVED
32018 wrong UI for SSL SMTP in account manager P3 VERIFIED
37454 Delete & add acct back within same session shows old folders -- RESOLVED
44845 [meta] No network communication without explicit user request P3 RESOLVED
50205 Find privacy links P3 RESOLVED
53239 What's Related surfing when it is collapsed - privacy issue P1 VERIFIED
55366 Don't reveal UI language to site/page -- Change navigator.language to use Accept-Language instead of the UI language P4 RESOLVED
55477 UI-Pref to send HTTP "Referer" (referrer) always/never/only at same server -- RESOLVED
57351 css on a:visited can load an image and/or reveal if visitor been to a site P3 VERIFIED
57555 UA-string is telling sites too much about the system P3 RESOLVED
57675 More descriptive error message for non-http:// urls in What's Related -- VERIFIED
58580 Temp files from sending drafts or posting news are (created with bad permissions and) left behind P3 RESOLVED
58930 POST with enctype=multipart/form-data leaves a temp file P1 VERIFIED
58979 store all compose temp files in directory under /tmp, and remove that directory on quit -- NEW
59557 Permissions should not be world-readable for profile directory -- RESOLVED
62178 implement mechanism to prevent sending insecure requests from a secure context P1 RESOLVED
64267 clicking on email address/mailto link in message body doesn't set the correct From (identity) - use account/identity of current message, not the default account/identity -- RESOLVED
64800 Deletion of news accounts don't delete newsrc files -- NEW
67447 iframes allow the setting of third party cookies -- VERIFIED
67702 Forwarding mail should remove JavaScript from the message -- NEW
68682 Saving inline attachments saves whole msg -- VERIFIED
68686 Shrink .jar files by stripping out whitespace, comments -- RESOLVED
70676 Kerberos POP support -- RESOLVED
74075 Mozilla displays pages which required authentication (after reload) from cache -- RESOLVED
76463 formpost files should use 600, not 666, for permissions P1 VERIFIED
84749 BODY onUnload JavaScript gets wrong value for location.href -- VERIFIED
88183 navigator.plugins leaks path names -- VERIFIED
88771 URL bar menu (autocomplete) should hide URL passwords -- RESOLVED
92716 Need way to completely disable user-agent header P4 RESOLVED
94118 blocked images are downloaded anyway P2 RESOLVED
96351 accept cookies only from originating site easily circumvented -- RESOLVED
101723 lock icon only works for the first tab -- VERIFIED
102015 Recent Pages list cannot be cleared from prefs dialog -- NEW
107088 mozilla creates world-readable temp files -- VERIFIED
116938 tries to save .exe file rather than play it P1 VERIFIED
118338 addressbook file contains infomation about deleted people if duplicate people are created -- RESOLVED
118411 Can't send message with an attachment whose filename contain a '/' P2 RESOLVED
118766 Messages printed from print preview contain full path URL to mailbox in header (privacy/security concern, ux-error-prevention) -- RESOLVED
119828 Credit Card information plainly visible w/o supplying a password -- VERIFIED
121361 Navigator: Untrustable security information due to incomplete navigator tab support P4 VERIFIED
125738 Forwarding should strip X-Mozilla-Status2 (label) -- VERIFIED
126720 Full-screen: Ability to show status bar (security icon ?) -- RESOLVED
127032 Full-Screen mode should have some indication of entering secured site -- RESOLVED
127444 Full screen mode on Linux hides titlebar -- RESOLVED
127872 "Internet Keywords-only" mode for "Location" -- RESOLVED
128693 file is attached if you change hyperlink -- VERIFIED
130149 Composer reveals login and password on publish in html-source -- VERIFIED
130222 js text in status bar can push icons out of view -- RESOLVED
130794 lock icon issue: no certificate or security info in pageinfo screen for https P1 VERIFIED
131692 Overzealous address-autocompletion without possibility to correct address (no way of composing to email addresses which are similar to existing addresses in AB; can't remove or correct display name of first preselected matching contact result) -- VERIFIED
132257 Inserting a link to a [network][image] file into a message inserts the physical file! -- VERIFIED
132755 Add preference for automatic removal of completed files from Download Manager/downloads.rdf. -- VERIFIED
133073 Active panel being loaded although sidebar is hidden -- VERIFIED
134370 Moz displays my ftp password in 24-pt bold font P1 VERIFIED
136054 DL manager doesn't observe history expire pref -- VERIFIED
136782 "Send Page" should not put a link for file:/// URLs into the compose frame -- NEW
141051 [RC 1.0 bug] New email window shows briefly old subject -- VERIFIED
143220 [FIX]Script can get the value of a file control, including the path -- RESOLVED
145579 Website can see url of page visited after it (document referer used when loading images with javascript is incorrect while loading a new page) P1 VERIFIED
145780 Forwarding message with blank subject reveals mail server, user name, folder name -- VERIFIED
146695 Mozilla send _content as referrer when loading something in the sidebar. -- VERIFIED
147777 :visited support allows queries into global history P1 RESOLVED
158463 Sites use iframes to bypass third-party cookie blocking P2 RESOLVED
163551 Implement complete email address privacy P2 RESOLVED
167475 [URL] Disable external and returning no data protocol handlers in all cases, excluding <A HREF=> -- VERIFIED
175258 HTML Mail loads css stylesheet even if images and plugins are disabled -- RESOLVED
177988 Storing persistent data (implicit cookie) with XUL -- RESOLVED
178038 [RFE] allow for preference to override FQDN for message-id generation -- RESOLVED
182045 Prefs->Privacy->History should offer to clear download manager -- RESOLVED
182640 Privacy: window.open() in bookmark leaks URL of current page through (wrong!) referrer header -- RESOLVED
184614 valgrind doesn't like nsDiskCacheBlockFile::WriteBlocks (uninitialized memory written to cache) -- VERIFIED
186834 Removing POP account does not forget password -- NEW
188175 Images are fetched when pressing Print even when remote images are off P3 RESOLVED
188285 Form autocomplete should not store credit card numbers -- RESOLVED
188955 CSS list item images are loaded even if image loading is blocked or disabled P2 RESOLVED
195388 Clearing Download Manager History doesn't work -- VERIFIED
199709 Remote images are loaded even if I check "Do not load remote images" in preferences -- VERIFIED
200716 Cross server javascript used to circumvent cookies blocking -- RESOLVED
202896 Cache-Control in Meta-Tag is ignored in xslt -- RESOLVED
202910 Option to clear location bar typed-URL history automatically (on exit) -- RESOLVED
205756 Compact folders should be enabled by default -- RESOLVED
205821 Mozilla using wrong files after profile switch, causing information leaks -- RESOLVED
206681 Need a way (pref) to stop attaching the images on Reply -- RESOLVED
207990 browser.formfill.enable value ignored -- VERIFIED
208821 Remove email address as anon. ftp password -- RESOLVED
216596 No referrer (referer) options in Firefox's privacy or advanced panels -- RESOLVED
216907 Save Page As "Web Page, complete" doesn't save favicon P5 RESOLVED
218917 Allow login_name != email_address, so address isn't displayed (anti-spam effect too) -- RESOLVED
219250 Printing e-mail with images, when image download is disabled, still prints images -- RESOLVED
220370 Allow user to select which address book(s) to use for autocompletion (expose existing per-AB pref to include/exclude AB from auto-completing); prevent privacy issues when inactive/undesired addresses are autocompleted -- NEW
222927 Password protection of mail accounts has problems -- RESOLVED
224080 Ability to have master password for password store missing -- RESOLVED
226548 Wrong http_referer sent when middle-clicking link from sidebar P2 RESOLVED
231852 ETag: filtering to counter web tracking P3 RESOLVED
233075 Password autofills in cleartext -- RESOLVED
234680 Uninstall should give the option to remove profile data -- RESOLVED
234700 deleting history entry doesn't remove it from history.dat -- RESOLVED
235432 Mailnews/Thunderbird leaves unused nsqmail.tmp (nsqmail-*.tmp, nsemail.eml) files in temporary folder (TEMP or /tmp) after quit -- RESOLVED
239223 [Meta] firefox.exe doesn't always exit after closing all windows; session-specific data retained -- RESOLVED
241572 Drop file into HTML message body should not generate "file://" URL text -- NEW
242956 Stored password is inserted into a readable text input on a second page -- RESOLVED
243136 saved form data should expire after a time period defined by user -- RESOLVED
243306 "Do not load remote images in Mail & Newsgroup messages" not reliable -- RESOLVED
243885 To: field contains more than one whitespace after first colon when message sent without name -- RESOLVED
245861 Firefox never delete temp files produced by drag and drop -- VERIFIED
248853 thunderbird displays IFRAMEs when they're included in an html mail -- RESOLVED
248970 Private Browsing mode (global toggle for saving/caching everything) -- VERIFIED
251690 Client Certificate installs without notification (feedback) to user -- RESOLVED
252486 Add option to disable saving form data on https websites -- RESOLVED
253317 Provide hyphenation dictionary for justified text -- RESOLVED
253331 Search bar's text should be cleared after a search is performed P5 NEW
256510 Return receipts don't use Multiple identities -- VERIFIED
257309 Return receipts should not reveal forwarded email addresses in headers -- NEW
258185 Current referer sent when pressing shift-enter in location field P1 RESOLVED
259091 Viewing email should not automaticaly open remote files via "iframe src='http:...FILE'" -- RESOLVED
259532 talkback-public.mozilla.org is helping spammers by publishing valid email addresses -- VERIFIED
260288 internal IP address (behind NAT rounter) is exposed by Java -- RESOLVED
262759 Add SSL support to the Mozilla IRC network -- RESOLVED
263213 Don't use I'm Feeling Lucky search when protocol (such as http:// or https://) specified P3 VERIFIED
263216 links opened into new tab from ChatZilla pass the URL of the current tab as the http Referer P4 RESOLVED
263220 Block remote images: Investigate ways of not whitelisting if From: address same as To: (forgery) -- NEW
263290 view-source: protocol allows viewing "cache-control: no-store" pages that are no longer being displayed P3 NEW
263345 Remote images not blocked when forwarding mail (inline) or replying -- RESOLVED
265028 Clearing cache sometimes fails P1 RESOLVED
266203 Calendar password displayed in clear txt -- RESOLVED
267472 possibility to change HELO/EHLO string -- RESOLVED
267645 Page can obtain path to Mozilla installation or possibly profile by examining JavaScript exceptions P3 RESOLVED
270697 Autocomplete data leak -- VERIFIED
271097 searchplugin auto update should ask user -- RESOLVED
271405 Implement optional warning/confirmation prompt when sending bulk mail to many recipients without using BCC: [plenty/a lot/lots of To or CC recipients: suggest/propose using BCC instead] P2 RESOLVED
271917 Bcc: and Cc: fall back to To: in compose window when double clicking a contact/email address/recipient/mailing list in contacts sidebar P3 NEW
274875 despite being logged out of gmx.de going back in browser history shows content -- RESOLVED
274889 Can't disable Thunderbird "show password" feature -- RESOLVED
276677 Security: User's remote mailboxes and messages should become visible only after login -- RESOLVED
278176 Remote server hits reading mail possible using news: (gopher no longer a problem) -- NEW
278232 deleted search entries restored on browser restart -- RESOLVED
279562 Copy and paste of an ftp link can reveal account/password P5 NEW
280662 master password should (optionally) encrypt more data -- RESOLVED
283521 Add security icon/button to the Chatzilla status bar. -- RESOLVED
283619 JavaScript redirection contains the HTTP referer -- RESOLVED
284086 "Sanitize on shutdown" fails if the last closed window is not a browser window -- RESOLVED
285790 saved form information should be managed by master password -- RESOLVED
286703 Password found in core file -- RESOLVED
286888 Always make compacting folders automatic, with no UI -- NEW
289897 huge memory leak when klipper is running -- RESOLVED
290456 Clear plugin data in "clear private data"/"forget about this site" -- RESOLVED
292589 [FIX]XBL load missing content policy check (Thunderbird not blocking remote content) P1 RESOLVED
295922 Client Auth "select cert automatically" is considered a privacy issue P2 RESOLVED
295994 Can store cookie-like information via xul persist attribute P3 RESOLVED
296270 Default user agent on AIX contains machine information -- VERIFIED
297278 Thunderbird should warn before sending passwords over plaintext protocols -- RESOLVED
303754 Make false the default for "Allow remote images if the sender is in my [address book]" -- RESOLVED
305462 "Clear Cache Now" doesn't clear bfcache -- RESOLVED
307046 Autosave leaves ghost messages in drafts on cancelling compose -- VERIFIED
307828 Information leak of file names being viewed from web pages -- NEW
308483 clear search history option can be misleading, because it also doesn't clear history P3 RESOLVED
308808 Web pages can detect which extensions are installed (CheckLoadURI call for <script> allows chrome: URLs) -- RESOLVED
308940 Clear Private Data does not clear cookies on Mac -- RESOLVED
309031 "Clear Private Data" only succeeds to remove cookies on the next startup -- RESOLVED
311292 Can't specify download location of temp files on Mac -- RESOLVED
311664 Clearing cookies via "Clear Private Data" doesn't update the Cookies Manager until it's reopened -- RESOLVED
312036 history.dat contains entries deleted from the "date and site" view -- RESOLVED
313856 Image properties show used password in clear text -- RESOLVED
314755 sanitization at shutdown sometimes fails (resulting in a confirmation dialog for clearing private data when firefox starts) -- NEW
315351 How spammers can identify your email without you doing anything. -- RESOLVED
315625 When forwarding a message inline, Thunderbird strips inline-images -- RESOLVED
316042 Clearing saved form history should clear text currently in the search bar -- RESOLVED
316084 Migrated base64 suite passwords not encrypted when master PW added in Firefox P2 RESOLVED
317260 Clear Private Data should use safe deletion (data scrubbing) P5 NEW
317461 Microsoft/DigitalPersona Fingerprint Reader stopped working with 1.5RC3 -- RESOLVED
319486 Empty Cache and Reset Camino don't clear site icon cache -- RESOLVED
319649 "Reset Camino" should reset the last visited date on bookmarks, too -- RESOLVED
320505 Not able to 'clear private data' if history is off (= "remember history for 0 days") -- RESOLVED
320925 "Clear private data" (sanitize) feature should have an option to clear the last used download target directory name and path -- UNCONFIRMED
321422 FRAMAKEY / Portable Thunderbird - informations of the accounts users stay on station of reception -- RESOLVED
322169 Clear Private Data does not clear JS Console -- RESOLVED
323966 Users expect clearing history to clear searchbar also P3 RESOLVED
324354 Ctrl-Z (undo) reveals visited URLs AFTER clearing history -- RESOLVED
324397 Third-party cookies should be blocked by default (flip the hidden pref) -- RESOLVED
325435 In Camino, Google sets cookies although cookies are NOT allowed -- RESOLVED
325458 Recipient Autocomplete: Nickname does not get highest precedence for matching address book entries, for searchphrase==nickname [To, CC, addressing field/area, toplisted, priority, results] -- RESOLVED
325506 Ctrl-Z (undo) reveals visited URLs AFTER clearing history -- REOPENED
325908 message pane downloads external linked .css urls even though images aren't downloaded. -- RESOLVED
325929 Using calendar (0.2 based build) bypasses master password security in Thunderbird mail -- VERIFIED
326111 Spotlight/virus checker interaction: Copies of cookies.txt remain after clearing cookies -- RESOLVED
327738 Reset Camino doesn't reset minimized windows -- VERIFIED
327818 0 days of history is still a lot P3 RESOLVED
327819 Clearing history doesn't affect bookmarked items. -- RESOLVED
328140 Integrate 0-filling patch into storage system -- RESOLVED
328917 Mail Multiple Information Disclosure Vulnerabilities -- RESOLVED
329741 history.dat, formhistory.dat, downloads.rdf should be deleted when the user clears private data P2 RESOLVED
330332 Recognizable history in bookmarks_history.sqlite after being deleted P1 RESOLVED
330443 privacy: loading remote xbl when replying or forwarding -- RESOLVED
330578 (Shift+) delete in URL bar autocomplete list no longer persistent. -- VERIFIED
330884 When different users on one system choose to save or not save passwords for sites, any other user can see sites they not only saved passwords for but can also see what other users have been saving/never saving passwords for. -- RESOLVED
331652 store hashes instead of site name for sites for which you select "Never Save" P5 RESOLVED
331804 InstallTrigger.getVersion() is allowed from unprivileged scripts -- RESOLVED
331985 Don't save favicons when history is disabled. P2 RESOLVED
332028 History URL domain blacklisting -- RESOLVED
332536 Microsoft Fingerprint Reader no longer works for Firefox master password dialog (worked in Firefox 1.0.6) -- RESOLVED
333591 Clear Private Data does not clear Saved Form Information P1 RESOLVED
333832 Firefox didn't finish download websites, in combination with webwashers standard filter -- RESOLVED
333907 XRE quits too abruptly when Windows is shut down P2 VERIFIED
335163 Spotlight metadata folder is deleted and recreated on launch -- RESOLVED
341035 Livemark service should delete annotations on livemark delete P2 RESOLVED
341206 [Compact folders when it will save over] checkbox should be checked by default. -- RESOLVED
341524 Make webapps session storage follow the cookie prefs -- RESOLVED
341833 Engine metadata should be removed when a profile search plugin is removed P3 RESOLVED
342612 training.dat leaks words in encrypted email -- NEW
342801 third party cookies being accepted despite user's settings -- RESOLVED
343212 Clear private data...>Browsing History should also clear the 'Undo Close Tab' history -- RESOLVED
343999 window.home() incorrectly handles multiple home pages specified with | -- NEW
344255 Bookmarks metadata (created/last accessed date) cannot be removed; privacy issue. -- RESOLVED
345345 Session Restore remembers logins from session cookies -- RESOLVED
345675 unwanted connection to www.google.com at startup with Safe Browsing disabled -- RESOLVED
345989 add 'block cookies from this site' context menu to cookieviewer -- RESOLVED
345993 Make the full Build ID more accessible to testers -- VERIFIED
346927 drawImage corrupts transparent 24-bit PNGs with 1-bit-convertible alpha -- RESOLVED
347852 reload leaks data from cache to end of page after hash collision in cache -- RESOLVED
348601 permanent certificate error overrides not removed after using "clear recent history..." P5 RESOLVED
350521 navigator.buildID leaks true version even when UA spoofed -- RESOLVED
350785 Autocomplete / Form Manager stores element data even if Autocomplete is "off" -- VERIFIED
351403 Reply to a forwarded message (.eml) should use correct identity -- RESOLVED
352692 Inform users that saved passwords are not encrypted/secure (when master password is not used) -- RESOLVED
353800 support "Sensitivity" header field (values: personal, private, company confidential) as per RFC 987 -- NEW
356359 Username autocomplete dropdown showed part of my password -- RESOLVED
356758 Temporarily suspend recording private data -- RESOLVED
356808 Thunderbird silently ignores attachments if a file using the same name exists in moz_mapi folder (sends wrong / old / stale / previous version of attachment instead!) -- VERIFIED
356919 After sending an e-mail with an attachment received by Thunderbird using SimpleMAPI, the temporary moz_mapi attachment file doesn't get automatically deleted, if the file has read-only attribute or is locked at the time of sending -- NEW
358042 Session Restore restores session cookies (potential privacy problem for shared user accounts) -- RESOLVED
358365 Private data not cleared on closing Firefox -- VERIFIED
358739 history.dat file may not be empty even when history is deleted -- RESOLVED
358878 Feed preview's request for favicon.ico should not send Referer P1 RESOLVED
359479 Remote Images in iframes bypass remote content blocker -- RESOLVED
360107 "Clear Private Data" dialog on exit too easy to miss (should appear earlier and/or time out) -- RESOLVED
360381 site_icons cause uncached images to be loaded twice or thrice (if bookmarked) -- RESOLVED
360572 deleting a previous search entry does not work if a search suggestion is shown P1 VERIFIED
362570 Better UI/options for people who want to downgrade most cookies to session cookies but allow some to persist -- RESOLVED
364972 [SessionStore] allow SessionStore to work without writing data to disk -- RESOLVED
365279 Thunderbird allows setting master password when it's not enabled -- RESOLVED
366572 [SessionStore] clearing private data doesn't clear sessionstore.js at exit -- RESOLVED
366782 IMG tags in NNTP posts cannot be blocked -- RESOLVED
366810 remember pages will not forget -- RESOLVED
366945 middle-clicking on a page starts a load based on clipboard contents (on unix-like hosts) -- VERIFIED
367372 Do not download images in newsgroups by default -- RESOLVED
367428 resource:// directory traversal P1 RESOLVED
368106 Query params sent when reporting a phishing site could contain sensitive info -- RESOLVED
368255 shouldn't send Google's cookie with SafeBrowsing API requests (sandbox it instead) -- RESOLVED
369875 I get spybots every time I use Firefox -- RESOLVED
371360 [FIX]scripts can tailgate departing users with onUnload -- RESOLVED
371375 [FIX]Websites can test for URLs visited (pdp Firefox Cache Hack - Firefox History Hack redux) -- RESOLVED
371482 Thunderbird respond invisible link -- RESOLVED
373867 NSPR supports opening of UNC Paths, which can leak Windows OS Credentials -- RESOLVED
374433 Firefox prints out a list of URIs to console when browser is started up -- RESOLVED
375629 The annotations of an item (bookmark/folder) must be removed when the item itself is removed P2 RESOLVED
376328 Prevent moz-icon: from referencing remote files -- RESOLVED
376957 Prevent data leaks from cross-site JSON loads (JavaScript literals) P3 RESOLVED
377117 use "cache timing" to detect whether the user has visited certain other sites P5 RESOLVED
377630 Filename disclosure in /tmp - e.g. when saving attachments -- RESOLVED
378046 Mail composition: opening/editing attached file sometimes unexpectedly opens/edits original file (only if attachment was added via TB OR drag-and-drop (non-MAPI) AND draft has never been closed yet): MAPI and non-MAPI behaviour should be consistent -- NEW
380589 Clear Private Data might miss some SessionStore data -- RESOLVED
380852 clear private data doesn't clear site-specific settings P1 VERIFIED
380912 "Get me out of here" link doesn't handle pipe-delimited home page -- RESOLVED
380994 Fix for bug 367428 lets through escaped slashes on Linux (windows too on trunk) P1 RESOLVED
381006 external protocol handlers and privacy -- RESOLVED
381264 XHR TRACK method (IIS) could be used to compromise Authorization and Cookie headers -- RESOLVED
381266 Clicking Cancel multiple times on Master Password dialog finally unblocks login info -- RESOLVED
381503 Using shift+delete to remove items from history in location bar appears to work but actually doesn't. -- RESOLVED
381681 Form autocomplete information can be seen by evil sites convincing users to press arrow keys P3 REOPENED
383014 Clear Recent History doesn't clear the moz_cache_groups table (part of offline cache) -- RESOLVED
383209 Clear Private Data fails to clear stored passwords -- VERIFIED
384207 Crash Reporter client should include a URL field P1 VERIFIED
384524 Passwords still filled in on web sites after logged out of Software Security Device -- RESOLVED
385605 URL passwords accessible from Flash or other plugins P3 RESOLVED
385741 Want to be able to exclude sites from form autofill -- RESOLVED
386005 passwords deleted from drop down menu in gmail.com apear to be deleted but are still saved -- VERIFIED
386774 private data removal prompt upon browser closing not functioning -- RESOLVED
388097 null-domain cookies possible (malicious cookie swapping) -- RESOLVED
388239 Restart of Firefox after Yahoo mail signout = error saying Firefox did not close properly -- RESOLVED
388313 Password manager should forget sort order on "Hide Passwords" if sort order was by password -- RESOLVED
388969 sets cookie that exceptions shows to be blocked -- RESOLVED
389126 Session Restore circumvents Clear Private Data -- RESOLVED
391397 Need to clean up URLs before adding them to a crash report -- RESOLVED
391806 Deleted Browser History is visible when typing a new URL -- VERIFIED
392097 only showing 7 days of download history, until I search, then I see more items P1 VERIFIED
392274 should _tzset on Win32 -- RESOLVED
392571 email arriving in inbox inducing a popup showing the beginning of the message -- VERIFIED
394651 Set "Accept cookies only from sites I visit" as default -- RESOLVED
395399 Add white list of https servers for which client auth cert selection is automatic P3 RESOLVED
395521 Privacy policy link not displayed for add-on featured at top of front page or on recommended list P4 RESOLVED
395693 Ability to disable form manager (saving form information) for specific sites -- VERIFIED
397082 A preference which allows to block cross domain referer data. -- RESOLVED
397196 Clear private data does not clear last URL of Open Web Location dialog -- VERIFIED
397427 [FIX]Stylesheet href property shows redirected URL unlike other browsers -- RESOLVED
399324 Fetch missing intermediate certs (use AIA extension for incomplete cert chains) -- RESOLVED
401296 docShell.allowPlugins not honored for direct links -- RESOLVED
401811 Replace "Check by asking Google about each site I visit" with a more-frequent-update option -- RESOLVED
401961 Get URIs of all windows/tabs -- RESOLVED
402144 web-based content handlers could leak secure URIs -- NEW
402152 web-based protocol handlers should strip out credentials, as per spec P2 RESOLVED
402287 register{Protocol,Content}Handler should only be allowed from same host as handler P2 RESOLVED
402398 data insecurity - winXP with more users -> also session restore for other users! -- UNCONFIRMED
402730 Purge IMAP cache on exit for privacy -- NEW
405620 Using middle-click for both "open link in new tab" and "paste" means pages can steal your clipboard contents -- RESOLVED
405789 Private Data not cleared on shut-down -- RESOLVED
406279 Changing Master Password Leaves Browser in Logged-In State -- NEW
406848 change mail.prompt_purge_threshhold to true -- RESOLVED
407582 Thunderbird doesn't respect primary email address of OS X address book when sending messages to a list -- NEW
407910 clear site-specific preferences when clearing browser history P4 RESOLVED
408076 out of bounds read in BMP decoder can lead to information disclosure P1 RESOLVED
409624 FastFind not cleared when doing Clear private data -- RESOLVED
409737 javascript.enabled and docShell.allowJavascript do not disable all event handlers -- RESOLVED
409945 Charset annotations created on import should be itemAnnotations (was: Clear private data doesn't force smart bookmarks to rebuild) P2 RESOLVED
410691 When blocking images from the context menu and undoing, an "allow" exception is added -- VERIFIED
410794 temporary downloads no longer cleaned up at shutdown (read-only) -- VERIFIED
411088 when deleting a tagged bookmark from the places organizer, the tag remains P2 VERIFIED
411572 Unnamed attachments reveal full local paths when forwarded inline or edited as new -- RESOLVED
412381 Clear Private Data should delete old signons.txt file(s). -- RESOLVED
412525 [meta] Bugs that let sites tell whether you've visited another site -- RESOLVED
413112 If helper application isn't available anymore downloaded temporary files aren't deleted on shutdown -- RESOLVED
413689 FF3 doesn't clean up old FF2 session data -- RESOLVED
414478 Clearing cookies should also clear Flash local storage -- RESOLVED
415397 URLs with (un)escaped characters can't be deleted P3 RESOLVED
415737 Tools->Options->Privacy->"Always Clear my private data when I close Firefox" leaves the most recently browsed url in the address history -- RESOLVED
415944 Don't expose password text through A11y text interfaces P1 RESOLVED
416356 Does not accept domain cookies issued by subdomains sites like bugzilla.mozilla.org cannot issue a mozilla.org cookie -- RESOLVED
416893 Remove aria-secret -- RESOLVED
417994 navigator object does not fully reflect user agent settings -- RESOLVED
418119 nsIContentPolicy not called for external DTDs of XML documents P3 RESOLVED
418321 Components do not expose disk interfaces P3 RESOLVED
418986 window.screen and CSS media queries provide a large amount of identifiable information (Tor 2875) -- RESOLVED
419117 Add noise to gethash requests P1 RESOLVED
421180 When removing bookmarks existing keywords aren't deleted/removed -- VERIFIED
421189 URIProperties/POSTData annotations have not been removed correctly, so pages are not deleted from places history -- RESOLVED
421494 reimplement third party cookie blocking P1 RESOLVED
421823 Cookie blocking non-functional for asset fetches in page headers -- RESOLVED
421980 Deleting some addresses in the history of the address bar doesn't work sometimes -- RESOLVED
422548 After Clear Private Data, some history still appear in the location bar due to bogus EXPIRE_NEVER annotations P2 VERIFIED
422944 Allow turning off bookmark searching in address bar -- RESOLVED
423154 off-by-one error for browser.bookmarks.max_backups P2 VERIFIED
423266 Address bar dropdown remembers recently visited URLs even though history has been cleared -- VERIFIED
423960 regression: disabling history remembers visits P1 VERIFIED
424373 remove a search engine will not remove its associated keyword -- RESOLVED
424538 Updater.exe should be signed to make it compatible with Vista UAC -- RESOLVED
424900 firefox freezes while I am in bookmarks, while approve each cookie is on P2 RESOLVED
425819 Extensions circumvent disabled cookies -- RESOLVED
429070 exposing Components.interfaces to untrusted content leaks information about installed extensions -- RESOLVED
429402 Oddness with remembered zooming with frames -- REOPENED
429846 Copy and Paste breaks mail-internal links <a href="#anchor"> (private profile links get sent, broken) -- NEW
430779 When I pressed the clear private history tab I expected the history to be deleted -- RESOLVED
431155 sessionstore.js should be deleted or bypassed when "clear private data" is used -- RESOLVED
431345 Google search causes first result to be requested and with HTTP_REFERER [prefetching] -- RESOLVED
431547 FATAL FLAW IN SESSION RESOTRE BYPASSES SECURITY -- RESOLVED
431782 HTTP redirects can bypass content policies -- NEW
432197 search history comes back after deletion P2 VERIFIED
433975 delete sessionstore.js when starting a new session -- RESOLVED
434457 Logout-Button doesn't work. (passwords) -- NEW
435159 nsNSSCertificateDB::DeleteCertificate has race conditions -- RESOLVED
435416 Privacy evaluation: places.sql leaves traces of visited URLs -- RESOLVED
435418 privacy evaluation: privacy tool does not clear downloads.sqlite -- RESOLVED
435670 Existing cookies leak when using the "Ask Every Time" option and choosing "Deny". -- RESOLVED
437925 Flash Music Keeps Playing when window was closed -- RESOLVED
439237 Privacy concern with respect to content-prefs.sqlite file -- RESOLVED
439263 Messages deleted from Drafts or Junk folders are permanently retained in the respective MBOX file -- RESOLVED
441751 Directives not to cache pages ignored. P1 RESOLVED
442526 Remote content in e-mails is blocked even if explicitly allowed for a message when "Accept all images" is not selected -- NEW
442885 Recently visited Sites are Not cleared from Address bar, after clearing History. -- RESOLVED
443337 Cookie "Exceptions" Should Not Take Precedence Over "Accept third-party cookies" -- RESOLVED
443354 "Save and Quit" tabs should not save session cookies of to-be-restored tabs -- VERIFIED
444004 When sending to an OS X mailing list, contacts should be in BCC and not TO fields -- VERIFIED
445164 Cookies not securely deleted from cookies.sqlite -- RESOLVED
445704 JSON bookmarks backup has localized filename (and can't be easily restored) P1 VERIFIED
446205 Remove contentaccessible from Firebug chrome.manifest -- RESOLVED
446261 Clear Private Data should also reset last directory saved to P5 NEW
446537 Show password should be disabled if no master password is set -- RESOLVED
446700 location bar stores urls visited but not bookmarked even after all private data is cleared -- RESOLVED
448372 Sensitive cookie data remains readable and on disk in cookies.sqlite after "Clear Private Data" and "Remove All Cookies" P1 RESOLVED
448743 Decouple general.useragent.locale from spoofing of navigator.language -- RESOLVED
448965 Can not Delete History -- RESOLVED
449703 [1.8 branch] XBM appears to draw uninitialized memory -- VERIFIED
449981 storage UI should look and act alot like cookie UI -- RESOLVED
450314 use a special tag to block results from the awesomebar P2 RESOLVED
451544 Clear private data function (man+auto) does NOT clear the visited sites in the drop down list -- RESOLVED
452241 Blocked pictures are loaded when you go on "answer" or "forward" -- RESOLVED
452639 Saved password shows up after switching to another tab and back -- RESOLVED
454908 sessionstore.js stores contents of password fields in plaintext -- VERIFIED
456210 URL containing password is kept when you enter a cPanel -- RESOLVED
456955 Password shown in plain text and saved plain in History -- RESOLVED
457195 nsSessionStartup::state not cleared with history -- RESOLVED
458849 transition download visits saved when "Keep my history..." is unchecked. P2 VERIFIED
460608 Download of temporary files for helper applications are stored in downloads.sqlite while private browsing is active -- RESOLVED
460609 Temporary files for helper applications are not deleted when leaving Private Browsing mode -- VERIFIED
460689 Temporary files on OS X are no longer deleted on shutdown with browser.helperApps.deleteTempFileonExit set to true -- RESOLVED
461204 Boundary delimiter for HTTP file posts is static. That is wrong according to RFC. -- RESOLVED
461625 Hide the UI for saving permission manager entries in Private Browsing mode -- VERIFIED
461627 Hide the UI for saving certificate exceptions permanently in Private Browsing mode -- VERIFIED
461710 Write an automated test to ensure that visited link coloring is turned off in private browsing mode -- RESOLVED
461747 Enable bypassing the private browsing mode in the Places module -- RESOLVED
461748 Enable bypassing the private browsing mode in the Satchel module -- RESOLVED
461749 Enable bypassing the private browsing mode in the Download Manager module -- RESOLVED
461750 Enable bypassing the private browsing mode in the Satchel module (search history) -- RESOLVED
461755 Error console should be cleared when leaving the private browsing mode -- VERIFIED
462106 Clear the data copied to clipboard inside the private browsing mode after leaving it P2 VERIFIED
462218 Read the sessionstore data from the disk instead of keeping it in memory when saving the session for private browsing mode P3 RESOLVED
462639 Handle view-source windows in Private Browsing mode P3 RESOLVED
463202 Search engine box should be cleared when leaving the private browsing mode -- VERIFIED
463471 temp tables are not correctly synced to disk when the user clear private data on shutdown P1 RESOLVED
463607 Interaction of Clear Recent History dialog and the private browsing mode P3 NEW
463692 Clear the findbar text when leaving the private browsing mode -- VERIFIED
463863 Download history not shown in Places history P2 VERIFIED
463888 Do not persist the "Save As" location in private browsing mode -- VERIFIED
463893 always load remote images should not be based on sender's email address - use smtp server from which the message originates or on the server serving the images -- RESOLVED
464071 User tracking via Math.random output and multipart/form-data boundary string -- RESOLVED
464414 Firefox's User-Agent string is a privacy hazard when locales and Operating Systems with limited number of users are involved -- RESOLVED
464417 Forget About this Site doesn't close open tabs P3 NEW
464792 Exit Private Browsing mode when all windows are closed -- RESOLVED
468063 Deleted passwords (and bookmarks) return after upgrade -- RESOLVED
469961 "Clear my private data when I close Firefox" does not clear anything -- VERIFIED
470188 Maintains visited pages history even though option is turned off -- RESOLVED
470348 clear private data on shutdown does not delete history if "ask me before..." is enabled P2 VERIFIED
471906 Login manager's onblur handler shouldn't do anything when the username is blank -- VERIFIED
472062 Need a way to view and edit saved form data (like for passwords) -- RESOLVED
472421 turn off full-hash caching when in private mode P5 RESOLVED
473429 If Private browsing mode is started from a window-less state, stop PB mode should not restore the last session P3 VERIFIED
474824 Firefox socks system proxy configuration broken w/ socks_remote_dns -- RESOLVED
475585 Re-seed Math.random() for each window/frame/context -- RESOLVED
475881 Private browsing mode warning doesn't mention that newly-installed client certificates are not cleared when exiting private browsing mode P3 NEW
476463 Cookies set onunload of page are retained on exit/enter of PB mode P1 VERIFIED
478218 onQuit expiration is not working, changes are never synced to disk P2 RESOLVED
478888 Session restore can be misused in public places like internet cafe, office, college etc., -- RESOLVED
479668 Dropping "Most Visited" of Bookmark Toolbar to Search bar causes privacy disclosure -- RESOLVED
481503 do DNS prefetch for awesomebar matches P3 RESOLVED
482967 Tools->Clear Private Data sometimes does not clear browsing history, cache and cookies -- RESOLVED
483608 Disable Forget This Site in Private Browsing mode for Firefox 3.5 P1 VERIFIED
484439 Is it safe to turn off private browsing while in autostart mode? -- RESOLVED
486501 edit an address after autocomplete and autocomplete reselects the first choice, even reverts to a different address (involving quoted "Display Name") -- RESOLVED
488162 DNS prefetch leaks information because it doesn't honour network.proxy.socks_remote_dns P2 RESOLVED
488181 simplify code for exposing plugin paths/names -- RESOLVED
488801 Clear Recent History doesn't provide feedback when one of the items fails to clear P3 RESOLVED
488811 nsIPermissionManager.removeAll() should delete DB and re-init rather than just bailing. -- RESOLVED
489754 Profiles mix settings -- RESOLVED
490354 Closed tabs should not be able to be restored in Private Browsing mode -- RESOLVED
490879 Pasting images into rich text editors creates temporary moz-screenshot.jpg, and therefore, does not work on the web (should use embedded <img src="data: URI"> instead) -- VERIFIED
491732 add "Share Location" to Page Info > Permissions to redo/undo "always remember this choice" for geolocation preference P2 VERIFIED
491759 Clear geolocation token when exiting private browsing P2 RESOLVED
491761 Site loads in the background somehow? -- RESOLVED
491810 Geolocation "cookie" isn't cleared at exit for network.cookie.lifetimePolicy == 2 -- RESOLVED
492196 Make DNS-Prefetching subject to user-defined policies -- RESOLVED
493062 Highlight/delete multiple site containers in history sidebar only deletes first one -- RESOLVED
493124 Deleting a closed page in history does not delete its instance as a recently closed tab -- NEW
493151 Privacy risk when clearing history in combination with private browsing -- RESOLVED
496123 the last download directory from private browsing persists as the initial directory for the filepicker after stopping private browsing -- VERIFIED
496561 nsIBrowserHistory.removeAllPages does not fully clear browsing history -- RESOLVED
496595 Privacy leak in "remember for this site" permission of geolocation - persists outside of private browsing -- VERIFIED
497717 User preference for Default Session on Start Up is not respected by Private Browsing Mode on Re-Start -- RESOLVED
498648 Start private browsing while editing a message, cancel, doesn't cancel private browsing P2 VERIFIED
499733 Open Web Location dialog leaks URL/search entered in private browsing mode -- VERIFIED
503220 The update.locale file is readable from script via resource:/// -- RESOLVED
503228 Unhandled error from BrowserFeedWriter close() method reveals installation path -- RESOLVED
503456 Unknown protocol alerts are suppressed when wrapped with jar: P5 RESOLVED
504330 Contacts Sidebar hijacks Ctrl+A keybinding in Compose window on MacOS (instead of moving cursor, unexpectedly adds selected contacts as recipients) -- NEW
504795 Page Shows up in Print History -- NEW
507541 Selected text from unrelated message is quoted when right-click replying to another message, cunningly with correct attribution line -- RESOLVED
507578 disable DNS prefetching when PAC or WPAD is used -- RESOLVED
508052 TB sometimes reuses stale attachment when sending same file several times -- RESOLVED
508068 Flash cookies remembered outside Private Browsing -- VERIFIED
508950 Saved passwords for a site deleted after log in to the site using the user name and password described and in turn, logs out -- RESOLVED
511207 last page not removed from history upon close of browser -- RESOLVED
511933 Implement chrome-only cookies -- RESOLVED
512717 Dropping a file into a contenteditable area discloses the file's full path to the page -- RESOLVED
513421 Never remember history option should notify the user that previous history won't be removed P3 NEW
514214 Do not update page titles for places already in history inside the Private Browsing mode P2 RESOLVED
515463 new async autocomplete does not always respect behavior pref changes P2 VERIFIED
516232 [faceted search] Deleted for good/expunged messages are shown in search results -- RESOLVED
516465 Adaptive results aren't filtered P2 RESOLVED
516481 Bug with Clearing Form History -- RESOLVED
517316 Opening non-hyperlinked URLs (using context menu) should not send referrer -- NEW
517736 keyword.enabled is true by default, should be false to protect privacy -- RESOLVED
518343 Clear Recent History should clear Certificate Exceptions when "Site Specific Settings" is checked P3 RESOLVED
518601 Troubleshooting Information page should not allow copy-and-paste of the profile directory. P2 VERIFIED
519077 Add a whitelist+blacklist for the modified prefs list on about:support -- RESOLVED
522309 filter out access points that do not have SSIDs P2 RESOLVED
523336 User Identification Request-Dialog's "remember this decision" remembers the wrong certificate -- RESOLVED
524281 Displaying a feed message (web page mode) that uses script to redirect a different url results in passing the url to the default browser. -- REOPENED
524874 Attaching Windows shortcuts (.lnk files) *via drag and drop* lies about file size and type and creates useless attachments (original file with .lnk extension) -- NEW
524899 Firefox should ask for master password when viewing list of sites for which passwords are saved P5 RESOLVED
526731 location bar undo buffer not cleared when leaving private browsing mode -- RESOLVED
527311 Addressbar suggests adaptive results regardless of requested behavior -- RESOLVED
527463 Update checks for lightweight themes should not happen for non-whitelisted sites -- RESOLVED
527667 DOM Storage (localStorage, sessionStorage) data is not cleared when "Clear Recent History" is used with Time range not "Everything" P1 RESOLVED
528416 Download Directory Persists After "Clear Recent History" -- RESOLVED
529419 deleting tree item 'Older than 6 months' -- RESOLVED
529899 Session Restore needs to honor "Keep cookies until I close Firefox" in a clean shut-down -- RESOLVED
530173 Possible privacy leak with full-screen playing videos on exit on Private Browsing -- RESOLVED
530235 Windows "Recent Documents" and Privacy (private browsing, clear recent history) -- RESOLVED
530594 Session restore can result in excessive session cookie lifespan P3 NEW
530637 Private session restored if browser crashes inside the private browsing mode -- RESOLVED
532982 mail composed with bcc: recipients only, and sent via "Send Later" or with mailnews.sendInBackground=true can disclose bcc: recipients -- RESOLVED
535439 upgrading to Thunderbird 3.0 turns on "always return acknowledgement receipts" without user knowledge -- RESOLVED
535976 Unwanted DNS queries when opening mail, potential privacy issue -- RESOLVED
536081 Can't delete all history entries returned by a search in Library or Sidebar -- RESOLVED
536509 localStorage does not obey "third-party cookies" pref P3 RESOLVED
536567 Store the value of the per-site last file upload directories inside the memory while private browsing is active -- RESOLVED
537922 Viewing bookmark properties causes HTTP retrieval -- RESOLVED
539296 Does registerProtocolHandler() violate Private Browsing mode? -- RESOLVED
541911 Clear History doesn't cleanup livemarks children favicons -- RESOLVED
542674 Support downloading Intermediate CA certificates by following URLs within an AIA/CAIssuers extension -- VERIFIED
543006 Deleting History, Cookies causes all entries in the exception cookie list to be deleted too. -- RESOLVED
543766 Disabling 3rd Party Cookies breaks microsummary generation -- RESOLVED
543922 Strip usernames and passwords (and sanitize file://) in URLs submitted with crash reports -- RESOLVED
544452 nsIGlobalHistory2::isVisited() should know the origin of the document -- RESOLVED
544745 DNS Prefetch security issue: Information leak -- RESOLVED
545069 web site is able to retrieve my name and email address upon loading up its own page -- RESOLVED
545393 DNS Prefetch security issue: Information leak -- VERIFIED
547490 mail.password_protect_local_cache does not protect cache when set to true, mails/messages in thread pane are visible/displayed and can be viewed/accessed -- RESOLVED
549459 Permission denied exception string way too descriptive P1 RESOLVED
549697 Add click-to-start form of disabled plugins (Add-on manager) -- VERIFIED
550122 Clear recent history set to "everything" is restored after restarting browser -- RESOLVED
550293 plugin-crashed UI needs more user opt-in -- RESOLVED
552124 "undo history" in urlbar exposes urls visited while in private browsing -- RESOLVED
553406 Crash reporter can leak info from Private Browsing mode -- NEW
557598 Support strict-transport-security (STS) in private browsing mode -- RESOLVED
560131 Password-protected profiles -- RESOLVED
562644 Ensure correct Places shutdown sequence and avoid sync expiration stuff. (Clear locationbar history on shutdown) -- VERIFIED
562917 [meta] implement captive portal detection P3 RESOLVED
563145 "Clear Recent History" doesn't work for me -- RESOLVED
563595 No button to delete local synchronized mail only -- NEW
564145 Provide opportunity to abort retrieval for "leave an encrypted page for one that isn't encrypted" -- RESOLVED
564690 Information leak in security exception allows user tracking, phishing -- RESOLVED
565561 Include option to delete Flash cookies -- RESOLVED
565670 Information disclosure when using notifications and xscreensaver -- REOPENED
565740 Clear the chrome search field input when navigated away from the results page, and make it tab-specific P5 NEW
565768 Let people nuke individual entries in the AwesomeBar directly from it -- RESOLVED
566010 Remove the ability to create bookmarks while in private browsing mode -- RESOLVED
566423 Consider standardizing/normalizing navigator.plugins (browser fingerprinting) -- RESOLVED
566827 Privacy Leak: Windows 7 Jump List ignores "Clear history when Firefox closes" setting -- VERIFIED
567308 Test Pilot needs to clean up after itself; delete old prefs and data P1 RESOLVED
568373 Private browsing saves the path of Uploaded files in Gmail -- RESOLVED
568564 Suppress the script filename for cross-origin error events (SA39925) -- RESOLVED
572650 [meta] Reduce the amount of data and entropy sent out in HTTP requests P5 NEW
572652 Remove the Accept-Charset header from HTTP requests -- VERIFIED
572659 Don't expose the Gecko patch level (13.X.Y) in the UA string, only show the major version (13.X) -- VERIFIED
572661 Don't expose the Gecko build date in the UA string -- RESOLVED
572665 Make the UA string of non-Firefox-branded builds say "Firefox" -- RESOLVED
572667 Remove the Accept-Language header from HTTP requests and the accompanying UI from prefs -- RESOLVED
573150 crash reporter inadvertently sends IE cookies to crash submission URL -- RESOLVED
575007 When using the HTC Sense Keyboard on password boxes text suggestions appear -- VERIFIED
576621 clearing cache does NOT clear cached images -- RESOLVED
576731 IMAP folder synchronization and global indexer should be opt-in for privacy reasons -- RESOLVED
577221 Firefox doesn't remember "submit crash report" check box -- RESOLVED
577512 (more) cross-domain information leakage with Math.random() -- RESOLVED
577685 Do not allow adding search engines during private browsing mode -- RESOLVED
577689 Do not store intermediate CAs in private browsing mode -- RESOLVED
579334 Async visits are ignoring a disabled history -- RESOLVED
579358 Repainting of form controls(input type=file") fails intermittently when I close menupopup(App button menu and contentarea context menu etc.) which overlapped with the control each other, when disabled D2D and D3D9 -- RESOLVED
580099 Prefetch DNS for hosts needed during startup -- RESOLVED
580374 Async visits could be handled after a sync API that removes pages (like clearHistory) -- RESOLVED
580892 Checking 'clear history when minefield closes' is not clearing cache on shutdown but on startup -- VERIFIED
581008 Remove support for appending arbitrary data to the User Agent string -- RESOLVED
581193 button[type="menu-button"] looks like a dropdown, but acts like a button -- RESOLVED
581515 dragging attachment from received message to compose window can attach the wrong file -- NEW
583175 Add a security delay to the main action of PopupNotifications -- RESOLVED
583181 Don't reveal navigator.buildID to every site on the web P3 RESOLVED
583886 Nuke or nerf history.length -- RESOLVED
586885 show search suggestions when entering text in awesome bar P3 VERIFIED
587523 Protect path of HTTP Referer Header when in Private Browsing P2 VERIFIED
593174 Referrers/origins broken and spoofable via cross-window location manipulation -- RESOLVED
594537 opener.location allows tracking user's browsing -- RESOLVED
595178 Dismissed "Remember password?" notification sticks around for too long -- RESOLVED
595207 E4X function:: namespace allows recognizing user despite clearing private data -- RESOLVED
595307 IndexedDB: third-party checks -- RESOLVED
596976 add bookmark dialog behaves as if clicked okay when clicked outside -- RESOLVED
597129 Web page can steal paste text. Textbox in web page is changed to pasted text temporarily when execute "Paste & Go" or "Paste & Search" command. -- RESOLVED
598925 Prevent obnoxiously persistent cookies (forevercookie) -- RESOLVED
599294 Let me confirm/pref HTML5 storage for sites -- NEW
599724 Tracking bug to treat "localStorage cookies" the same way as http cookies P3 RESOLVED
600025 CSS timing attack on global history still possible with MozAfterPaint P3 VERIFIED
600881 Able to copy password from password manager without entering master password -- RESOLVED
600982 Clear DOM storage entries for a domain when using the Forget about this site feature -- RESOLVED
601526 XSS Exploit allows for Geolocation Stealing -- RESOLVED
601527 CSS Exploit allows for Privacy Invasion -- RESOLVED
602199 Eliminate cached console data when moving in and out of Private Browsing P1 RESOLVED
605658 Home page settings are revealed in about:support but should be hidden unless needed for support P5 NEW
606403 Forget About this Site doesn't purge entries in session history P3 ASSIGNED
610252 Disabling geolocation in about config does not prevent geolocation -- RESOLVED
611112 Default location in the start page message area reveals information and is susceptible to DNS hijacking -- RESOLVED
611168 Improve private browsing mode's entry text -- RESOLVED
612242 Cookies are not filterable based off of name -- RESOLVED
614116 Insecure sites may modify existing secure items in globalStorage when in PB or SO-cookies mode -- RESOLVED
615711 CSP reporting exposes the presence of add-ons that inject certain elements in the DOM P2 RESOLVED
616619 Autocomplete allows sites to see what other sites a user has visited and possible data as well -- NEW
618311 Inspect Network Request window persists on close of Web Console - PB data leak -- VERIFIED
620090 Disappearing attachments when some deleted from list of 9 or so -- RESOLVED
620853 Holding Ctrl+Enter a little too long causes unintentional confirmation of "Send Message?" prompt, and sends multiple copies of the message - only plain Enter (without modifier key) should confirm the prompt -- NEW
623198 Improve UI to workaround scam detection generating too many false positives -- RESOLVED
627239 Don't store thumbnails for cache:control:no-store pages P1 RESOLVED
627432 simple-storage store not purged when add-on is uninstalled -- RESOLVED
627472 Change values for sessionstore.privacy_level_deferred to not save secure session cookies -- VERIFIED
627686 Thunderbird sends Spam information in email header -- RESOLVED
628043 The last closed window is restored when a secondary window is left open and a new browser window is opened -- VERIFIED
628642 Information leakage - Firefox 3.6.13 stores private information of https-session in browser cache/history -- RESOLVED
628747 SVG-as-an-image shouldn't be able to load external resources (which might come from other domains) (including same-origin resources, which could be using an open redirector) -- RESOLVED
629858 strict warning "function f does not always return a value" can cause buffer overreads -- RESOLVED
632127 Recipient autocomplete angle brackets characters (doe >> John Doe <john@asdf.com>) remain in recipient field and get sent with message header (when clicking send without manually confirming autocomplete) -- RESOLVED
633644 nsUrlClassifierDBServiceWorker::GetLookupFragments returns duplicate fragments in some cases -- RESOLVED
633773 Use Google's HTTPS search by default -- RESOLVED
634257 nsUCS2BEToUnicode fails to adhere to the API contract when given a buffer with one byte -- RESOLVED
635439 Remove doorhanger key icon when "Not now" is selected in Password Save doorhanger -- RESOLVED
637482 Broken Link to Privacy Policy: 404 Page Not Found -- VERIFIED
639722 Provide UI for opting out of sending add-on information to the discovery pane -- RESOLVED
639968 Add checkbox to Software Installation preferences to opt out of personalized add-on recommendations -- RESOLVED
640033 Add checkbox to Security or Advanced preferences to opt out of personalized add-on recommendations -- RESOLVED
640745 Avoid sending client certificates in the clear in TLS handshakes when possible -- RESOLVED
644020 Client cert dialog should indicate whether cert will be sent in the clear or encrypted P5 NEW
644998 Session should not be restorable after "Clear Recent History" -- RESOLVED
645080 [adbe 2834581] Per-site clearing of Flash Player LSOs should get hooked up to the privacy pane -- RESOLVED
645683 Remove "Do you want to enable auto-update" prompt for CRL import -- RESOLVED
648064 Application cache should not bother user -- RESOLVED
648186 HSTS can be used as a tracking mechanism analogous to cookies -- RESOLVED
648654 Add user-visible pref for Do Not Track -- VERIFIED
648941 Starting private browsing: keep-alive http connections are not terminated -- VERIFIED
650280 Switching from Private Browsing to Normal Browsing keeps search strings while in Panorama -- RESOLVED
650409 Provide users with the ability to disable third party localstorage -- RESOLVED
650827 Implement the Right to Be Forgotten on Thunderbird's mail headers -- UNCONFIRMED
651276 Problem with master password -- RESOLVED
652002 Clear Recent History must clear OCSP cache when "Site Specific Settings" is checked P3 NEW
652003 Clear Recent History must clear intermediate certs cached during the given time period P3 NEW
652004 Do not cache intermediate certs in private browsing mode -- RESOLVED
652298 Certificate Exceptions added during Private Browsing should be forgotten when leaving Private Browsing -- RESOLVED
652631 Sync do not track (DNT) pref across applications -- RESOLVED
654502 [meta] Improve Thunderbird's scam / phishing detection and user interaction -- NEW
654550 Preference to disable video statistics -- RESOLVED
655367 fingerprinting installed apps through a timing attack using moz-icon: and WebGL -- RESOLVED
657237 Session tickets generated by libssl leak length of client certificate P3 NEW
657263 xulstore is keeping a quasi history via place: and find: urls in RDF:about attributes P3 RESOLVED
657733 softoken sqlite metaData are added but never deleted P5 RESOLVED
659306 unexptected favicon connection to Web when open Preferences/Applications -- NEW
659348 Flash from previously closed tab reappears when firefox hangs -- RESOLVED
660595 Inbox shows data and time for download mail greater then one day then system date and time -- RESOLVED
660719 the browser shouldn't accept cookie(s) from "safebrowsing" provider (ie. Google) during "safebrowsing" communication -- RESOLVED
661573 Telemetry: Do not record/send data in private mode -- RESOLVED
662257 Save attachment folder defaults to Thunderbird installation folder if last folder used is disconnected network directory / share -- UNCONFIRMED
662996 OCSP requests leak cookies -- RESOLVED
663782 After private browsing, windows not treated properly when exiting. -- RESOLVED
664633 Improve privacy & security of Thunderbird account autoconfiguration -- REOPENED
664634 Improve Thunderbird's behavior if an invalid certificate is seen for a host with a previous good certificate -- NEW
664636 Thunderbird should (semi-)automatically improve the security-related server configuration settings when it knows an improvement could be made -- NEW
664637 Thunderbird auto-configuration database should be expanded & updated by regularly spidering every domain on the internet -- RESOLVED
664646 Message Reader de-references IMG SRC links in email attachments from untrusted senders -- RESOLVED
664694 about:home -- VERIFIED
665531 [Linux] Store that file was downloaded from the Internet (Extended Attribute user.xdg.origin.url) -- NEW
666204 Browser uploads private data after user says "no" -- RESOLVED
666387 Full path of file is exposed to content -- RESOLVED
666782 Firefox updates bookmarks favicons while In Private Browsing. -- NEW
669160 Search will remember address after deleting all emails and address book entries for that address -- NEW
669814 When needed, automatically update Accept-Charset to match Accept-Language if the latter is changed by user via UI (with possible opt-out feature) -- RESOLVED
670450 Google search from about:home should not reveal anything about user's UI locale in URL -- RESOLVED
670451 OpenSearch "language" and MozSearch moz:language parameters shouldn't use UI locale -- RESOLVED
672352 Explain how Firefox uses permissions in Android Market description P2 RESOLVED
673175 information leak - email address of last user to comment awaiting moderation was being shown P1 RESOLVED
673248 Name compartment after shared origin instead of first URL -- RESOLVED
674741 WebNFC (near-field communication) -- RESOLVED
675333 Notify user about ToS/PP changes through the Sync client UI (Terms of Service, Privacy Policy, notification, updates) -- RESOLVED
675818 Add delete button to awesome bar result matches P3 RESOLVED
679921 sessionstore.json sessionstore.bak not encrypted (SeaMonkey and Firefox) -- UNCONFIRMED
680300 Restrict discoverability of protocol handlers [Tor 1623] P2 RESOLVED
682455 Granting permission to a specific site to access geolocation five times should not grant this permission permanently -- RESOLVED
683462 First-time Private Browsing warning/info messagebox is a security vulnerability -- RESOLVED
684033 Protect user privacy by implementing "click to play" for social network buttons -- NEW
684035 Saving attachment from X-Mozilla-External-Attachment-URL presents no dialog before downloading URL -- NEW
685373 update telemetry opt-in text to include feature/app usage -- RESOLVED
686135 Extensions cannot find out when a certificate fails certificate chain validation -- RESOLVED
690992 App tabs break deleting cookies on close (FF8+) -- VERIFIED
691054 Back out bug 667980 (getNetworkLinkType) on Android because of scary permissions -- VERIFIED
692869 Users should have more flexibility in how public their profile information is shown P1 VERIFIED
694054 Firefox allows extensions to ignore cookie expiration preference -- RESOLVED
695487 Feature: do not show potentially embarrassing autocomplete matches in the awesomebar -- RESOLVED
695533 Implement click-to-plugin in Firefox -- RESOLVED
696036 "show passwords" is not secure -- RESOLVED
696652 With multiple identities, TB wrongly picks random non-default alternate identity for From: based on matching domain only (instead of full email address) -- RESOLVED
697941 add link to about:permissions from options->privacy -- RESOLVED
697942 Add "Do not remember browsing history" option in about:permissions -- RESOLVED
699716 Incorrect screenshot shown when starting up after clearing app data P2 VERIFIED
703020 OCSP requests leak cookies -- RESOLVED
703024 Back out bug 662996 (OCSP requests leak cookies) because of bug 701019 -- VERIFIED
704613 Email replies are send under wrong identity -- RESOLVED
704779 App tabs causes Firefox to remember _all_ previous sessions after restart -- RESOLVED
705544 Preferences/Privacy/History does not honour my setting -- UNCONFIRMED
705545 Preferences/Privacy/History/Exceptions (blocked sites) got cleared when Clear Recent History -- RESOLVED
705704 Hide email address in From: selection -- UNCONFIRMED
706960 Privacy leak in http://hacks.mozilla.org -- RESOLVED
708995 Find out what fallback charset users choose for each localization -- RESOLVED
711552 Create click to play UI for desktop -- RESOLVED
711618 implement basic click to play permission model -- RESOLVED
720968 cookie exception rules can be modified by site javascript -- RESOLVED
721398 moz-page-thumb protocol should not be accessible from a web page -- VERIFIED
721408 moz-page-thumb protocol should not access from a web page -- RESOLVED
724179 Gecko sends cookies and HTTP auth credentials in mixed-content requests P3 NEW
724182 Gecko sends cookies and HTTP auth credentials in cross-domain requests to an unrelated domain for images and scripts that haven't been approved by CORS P3 RESOLVED
725629 Remove user data from Android databases -- RESOLVED
728658 Handle HTTP error 511 Network Authentication Required (RFC 6585: standard secure proxy authentification/captive portal detection) -- RESOLVED
728831 Don't expose the Firefox patch level (13.X.Y) in the UA string, only show the major version (13.X) -- RESOLVED
728888 Don't expose the Fennec patch level (13.X.Y) in the UA string, only show the major version (13.X) -- RESOLVED
728894 [B2G] Don't expose the Firefox patch level (13.X.Y) in the UA string, only show the major version (13.X) -- RESOLVED
728952 Don't expose the SeaMonkey/Firefox patch level (2.10.Y/13.X.Y) in the UA string, only show the major version (2.10/13.X) P5 RESOLVED
730420 Registration should mention that the Username will be public P3 RESOLVED
731047 Clean up old profile after Firefox profile reset -- VERIFIED
732522 Allow submission of telemetry data with SUMO feedback -- NEW
733215 telemetry for search suggestions and engines -- RESOLVED
735863 Implement navigator.geolocation.getAddress() -- RESOLVED
736373 Limit or remove OS information in User-Agent P3 NEW
737403 Concerns about B2G privacy -- RESOLVED
737548 pre connect http sessions on link hover -- RESOLVED
737559 "Assertion failure: !proto->getClass()->ext.outerObject" -- VERIFIED
738131 implement device proximity -- RESOLVED
738376 Use https://encrypted.google.com/ instead of https://www.google.com/ for security and privacy reasons -- VERIFIED
741810 [Privacy Review][Action Item] Logging Policy -- RESOLVED
743152 Automatically delete personal EXIF data from images when uploading -- RESOLVED
744466 Isolate DOM Storage to first party domain (Tor 6564) P2 RESOLVED
746855 [ASan] READ heap-buffer-overflow in format-number() -- VERIFIED
749541 Encrypt email addresses in old emails and address book -- NEW
751465 Websockets leak DNS requests (Tor 5741) -- RESOLVED
751661 Mozillians Phonebook API: Security Review P4 RESOLVED
752143 Use speculative connect for inline-autocompleting beyond the domain name -- RESOLVED
753622 Check in mochitest for bug 737559 after Firefox 14 ships -- RESOLVED
754608 [New Tab Page] shows thumbnails from pages with "Cache-Control: no-store", and HTTPS pages when HTTPS disk caching is disabled -- RESOLVED
755284 Fingerprintable information in update behavior P3 UNCONFIRMED
755996 [New Tab Page] shows sensitive information in the thumbnails P3 RESOLVED
756744 Sometimes Flash Video Downloader logs the visited site in system.log -- RESOLVED
758232 Telemetry for WebRT -- RESOLVED
758857 Use Wikipedia's HTTPS search by default for Firefox desktop and Android -- VERIFIED
761040 Offline cache entries are created for no-store entries -- RESOLVED
766397 PasswordsRepoSession leaks PII (full record details!) P1 VERIFIED
766495 Draft composition shows wrong in-line images from other draft, if other draft mail is placed at original offset of editing draft mail by Compact. So, if mail is sent without draft save after Compact, wrong image is silently sent by Tb. -- VERIFIED
769127 Google (and possibly other) cookies are not cleared on shutdown despite Clear Cookies checked in Prefs UI -- RESOLVED
769145 Add an opt-in for the search suggestions feature -- VERIFIED
770115 Thumbnail storage setting should be explicit -- RESOLVED
773338 history timing attack with href switching -- RESOLVED
773788 Provide client-side urlbar suggestions for top domains -- RESOLVED
774517 Don't request search suggestions for strings that look like URLs -- RESOLVED
775425 "Clear History when Firefox closes" doesn't work -- RESOLVED
776397 privacy enhancement: prevent local timestamp disclosure via Date and Message-ID header fields -- RESOLVED
776710 Uncontrollable, undocumented user tracking in addons UI -- RESOLVED
777224 Alarm API - .getAll() and .remove() can only interact with alarms scheduled by the same app -- RESOLVED
777725 If one Username with Password is stored, you can read it by javascript -- RESOLVED
779197 Use a protocol not accessible from content P3 RESOLVED
783047 Update SafeBrowsing to use HTTPS -- RESOLVED
783203 In Firefox 13 updated new tab system the thumbnail which takes snapshots of sites you visit, then replays them later when you use the New Tab window again.It clearly reveals the content of the earlier secure browsing. -- RESOLVED
783438 Cookies re-appear after coming out of private browsing (even after "clearing" cookies) -- RESOLVED
784505 Fennec shouldn't use the GPS when the tab or app is in the background P3 REOPENED
786276 Don't autofill logins in frames that are not same-origin with top-level page P2 VERIFIED
787521 Disable theme-related CSS media queries features when not in chrome context -- RESOLVED
791196 .part files not removed after cancelling Private Browsing during a download -- RESOLVED
791943 navigator.mozApps.install can be used to enumerate local file names -- RESOLVED
795834 Privacy issue with pdf.js remembering last view P1 VERIFIED
796292 [camera] get rid of geolocation permission prompt -- RESOLVED
798160 About:support should not copy the sync username and account as it may be personally identifiable -- RESOLVED
799017 error -- RESOLVED
799450 Thunderbird adds the text of an email in the Drafts folder to an email I send (Confidential data in other/irrelevant draft mail is silently exposed to unexpected recipients by Tb as data of image part) -- VERIFIED
803582 Usage of OCSP fetching makes Firefox slow P3 NEW
803806 Local Privacy/Security vulnerability - Session Restore writes visited URLs, history, titles, referrers, and more to sessionstore.js (on exit), allowing prior session restoration even with all histories disabled&cleared and about:config set to disable SR. -- RESOLVED
807026 [Browser] "History" awesomescreen view briefly displays your old history, *after* you've cleared history P3 VERIFIED
807030 [Browser] "Clear History" doesn't clear Top Sites. (and there's no other obvious way to clear them) P3 VERIFIED
807056 [Browser] Clear History doesn't clear back/forward history in open tabs P3 VERIFIED
807059 [Browser] "Clear Private Data" doesn't clear cookies, even though it says it will P3 RESOLVED
807065 [Browser] Clear Private Data needs clarification on what it will & won't clear (especially when it differs from Firefox on Android) P1 VERIFIED
811582 window JS object provides a large amount of identifiable information -- RESOLVED
812167 302 Redirect Responses are Cached to disk despite "Cache-control: no-cache", no-store", "Pragma: no-cache" and "Expires: -1" HTTP header being set -- RESOLVED
812956 Implement FFOS Privacy Policy P2 RESOLVED
812972 Modify geolocation behaviour from Everything.me P1 RESOLVED
816318 Use System download manager on GB+ -- RESOLVED
816866 Certificate errors frequently caused by captive portals should trigger captive portal detection -- RESOLVED
818337 Provide Usable and Effective Third-Party Web Tracking Countermeasures (Meta) -- NEW
818340 Block cookies from sites I haven't visited -- RESOLVED
818357 Settings "About your privacy" link for "Browser OS" goes to a Firefox *web browser* privacy page -- RESOLVED
819343 System-wide icon/etc for active camera/mic use (webrtc) -- RESOLVED
822516 encrypt thumbnail image files -- RESOLVED
822790 Privacy technical followup for spdy persistent cwnd setting -- RESOLVED
822869 Expand user options and limit default behavior for sending of HTTP referers -- RESOLVED
822948 Don't capture thumbnails when 'Cache-Control: no-store' is given in a meta tag (instead of a HTTP header) -- RESOLVED
823233 unrequested nsmail.tmp attachment being added to forwards -- RESOLVED
823829 thumbnail service captures pages that have "Cache-Control: no-store" content -- REOPENED
825469 Download history is not deleted -- RESOLVED
826273 Opening private tab and attempting to open a tab from last time opens it in a normal tab -- VERIFIED
827193 disclosure of profile directory name in JavaScript variable visible to Workers -- RESOLVED
830628 pdfjs.database stored in prefs.js even in private browsing mode -- RESOLVED
831494 Everything.me tracks usage in great detail -- RESOLVED
832660 "maintain offline storage" permission(s) confusing and incomplete -- RESOLVED
839698 Private browsing API/environments are broken for extensions in Firefox 21 (nightly) -- RESOLVED
839856 Emails with remote content viewable cannot stop showing remote content -- RESOLVED
840271 Gallery exposes GPS EXIF data when sharing photos to third party apps -- RESOLVED
840678 Use HTTPS instead of HTTP for input.mozilla.org submissions -- RESOLVED
840750 Backout bug 818340 from Aurora after 2/19/2013 merge day -- RESOLVED
840828 Add metrics to FHR for SocialAPI P2 RESOLVED
840928 Transition to a WebKit engine -- RESOLVED
845758 cookie permission dialog and page info dialog should handle cookie permissions set ALLOW_FIRST_PARTY_ONLY -- RESOLVED
845787 enable to set cookie permission "Allow First Party Only" from Cookie Permission dialog -- RESOLVED
847884 Option "Warn Me when web sites try to redirect..." should be treated like other "permissions" -- RESOLVED
849451 Send more CPU info in FHR payload P4 RESOLVED
849694 Scam Detect should have parameter changed from Yes/No to Gradient 0-255 -- RESOLVED
849947 FHR submission counts vs Blocklist ping P1 RESOLVED
850066 Consider sending an empty Health Report payload if user has opted out P4 RESOLVED
850909 Use background tab thumbnailing service for Top Sites in Metro Firefox -- RESOLVED
854798 Compacting Berkeley Mbox file changes messageKey (to new MsgOffset after compact), causing dataloss/privacy problems (bug 817245 / bug 799450, bug 766495) due to current design problem of MsgKey=MsgOffset (for Berkeley Mbox files) -- VERIFIED
856909 clear history on firefox close is not clearing thumbnails -- RESOLVED
863063 quitting private browsing mode does not delete partially downloaded files -- RESOLVED
863246 resource:// URIs leak information (Tor 8725) P1 VERIFIED
863332 Private Browsing will use existing (app)cache during private browsing sessions [VN: JVN#34899401 / TN: JPCERT#93478616] -- RESOLVED
863777 Teach ANR reporter to use the profiler to get a native stack -- RESOLVED
864047 Combine -- and Delete -- Special Caches with General Cache -- NEW
867501 Date.toLocaleFormat exposes OS locale (Tor 13019) -- RESOLVED
869398 Don't pollute search URLs with branding -- RESOLVED
870667 Reinstate the dom.enable_performance preference, but have it just control what gets returned from performance.timing.* -- RESOLVED
870790 master password & history cleaning -- RESOLVED
873361 Unique App ID origins can be used as a tracking mechanism -- RESOLVED
877159 [Meta] Tracker bug for attachment paradigm failures - "attach/embed immediate snapshot" VS. "attach/embed later when sending" -- NEW
884270 Link Visitedness can be detected by redraw timing P3 RESOLVED
886679 Privacy-Technical Review: Shumway SWF Runtime -- RESOLVED
890620 Password dialog doesn't mask password -- VERIFIED
890739 Sending to List from Addressbook does not use BCC, breaks privacy by default -- VERIFIED
891116 Click-to-play permissions set in private browsing stay around after exiting private browsing (privacy leak) P1 RESOLVED
891289 connection to sb-ssl.google.com:443/safebrowsing.clients.google.com:80 despite browser.safebrowsing.enabled set to false -- RESOLVED
891291 connection to services.addons.mozilla.org:443/versioncheck-bg.addons.mozilla.org:443 despite updates are disabled -- RESOLVED
891629 Blocking storage of HSTS data for third-party domains (when requested) -- UNCONFIRMED
896509 Record guest mode usage in FHR for Android -- RESOLVED
898109 Draft autosave sends incomplete message prematurely, emails without warning when composing -- RESOLVED
900541 Contacts side bar: First address wrongly pre-selected when changing address book (risk of sending message to unintended recipients) -- RESOLVED
903959 custom resource://foo/ allows fingerprinting addons -- RESOLVED
904341 Content-blocking Add-Ons and Tracking Protection not working with background thumbnails -- NEW
904478 "Reply with Template" Filters leak email address to mailing lists -- RESOLVED
905258 Firefox doesn't support/report "AES cipher, 256-bit key" on https://www.fortify.net/sslcheck.html -- RESOLVED
906448 An ETag set outside of private browsing mode will be sent in private browsing mode and vice versa (also with containers) -- RESOLVED
907707 Security issues related to users making directories available to a page via <input type=file directory> or drag-and-drop P3 NEW
909024 Stylish config leaks from private browsing -- RESOLVED
909771 We can access user browsing information in Private Mode with our implemented extension hence the extensions are not disabled by default in Private mode. -- RESOLVED
912202 Unify site-specific and third party permission across all forms of local storage P3 NEW
917871 Privacy Review: Necko Predictive Network Actions -- RESOLVED
920246 Privacy-Technical Review: TogetherJS -- RESOLVED
921462 "Reset Firefox" UI does not mention the desktop backup of the old profile -- NEW
925376 Autofilled usernames+passwords should not be accessible to page JS before form submit -- RESOLVED
926761 URL guessing/searching are major privacy/security problems and need to be easily configurable, with prompt or default-off. -- RESOLVED
926899 Support DNT on websites -- RESOLVED
930179 Stifle URL logging for private tabs with the new Intent:GetHandlers message -- RESOLVED
930638 HSTS state can track users, follows them in to private browsing mode -- RESOLVED
937976 libssl stores current time in gmt_unix_time field of ClientHello and ServerHello; should use random value -- RESOLVED
939666 Firefox should allow disabling automatic connections for "Get Add-ons" -- RESOLVED
941081 Privacy-Technical Review: [Program] FxA on FxOS (v1.4) P1 RESOLVED
941139 Changing sender of reopened draft message (with 1 other field manually prefilled) does not prompt to save msg when closing: verify / finetune behaviour of gContentChanged with senders/identities (which might involve auto-cc/bcc recipients) -- NEW
942353 places.sqlite: moz_inputhistory will not be deleted when erasing history P3 RESOLVED
942613 formhistory.sqlite: Will not be cleared when removing history, when form history is not enabled -- NEW
942808 Privacy-Technical Review: Screen sharing UI -- RESOLVED
945499 Switch BrowserUITelemetry from using UITelemetry's event logging to just counting events -- RESOLVED
946705 [Privacy] Google Analytics anonymize Ip -- RESOLVED
947759 Preload HSTS for Google-specified domains -- RESOLVED
952969 Paypal fishing/phishing not recognized b/c of shortlink in JPG and service@paypal in addressbook -- RESOLVED
957977 [META] Remote Privacy Protection -- RESOLVED
958873 Use HTTPS for Bing searches -- RESOLVED
958874 Use HTTPS for Bing search -- RESOLVED
958877 Use HTTPS for Wikipedia searches -- RESOLVED
958883 Use HTTPS for Yahoo searches -- VERIFIED
958885 Use HTTPS for eBay searches from the search box -- RESOLVED
958886 Use HTTPS for amazon.com searches from the search box -- VERIFIED
959893 [meta] WebRTC Internal IP Address Leakage -- NEW
959985 Notification bar for offline storage is always being bypassed despite ticking "tell me when a website asks to store data for offline use" in preferences -- RESOLVED
960017 heap-buffer-overflow (read) at mozilla::gfx::ColorComponentAtPoint -- VERIFIED
960875 Optionally limit possible browser size to increments of some number P5 UNCONFIRMED
962552 Clear history completely -- UNCONFIRMED
966030 Implement navigator.mozAppDetails and expose the property on white-listed domains -- RESOLVED
966752 Security & Privacy Add-On P3 RESOLVED
968458 Track app install/uninstalls per user+device P4 RESOLVED
970092 change default referer setting P5 RESOLVED
970136 HTTP referer: Allow to send target host as referer when crossing domains P5 RESOLVED
971171 Measure with telemetry how many times people see about:newtab -- VERIFIED
973422 'clear recent history' forgets what page you're really on P3 UNCONFIRMED
975570 Measure with telemetry how many times people interact with about:newtab -- VERIFIED
983799 Technical Privacy Review: The feature detection API -- RESOLVED
984826 Private tabs should close when leaving Firefox -- RESOLVED
986091 Privacy-Technical Review: Directory Tiles (Services) -- RESOLVED
986966 pdfjs.database not cleared when clearing history P2 RESOLVED
989606 Use Web of Trust data to improve spam/scam detection (wot) -- NEW
1000253 Background tabs with persistent device permissions can access devices without the user noticing -- VERIFIED
1001973 Add an option to ask for the master password at startup -- RESOLVED
1008620 Clearing history should also clear jump list cache on Windows -- RESOLVED
1011279 Privacy-Technical Review: Democratize API access on Mozillians.org -- RESOLVED
1013947 Remove legacy signons.sqlite files and references P5 RESOLVED
1019583 Enable notifications by default again for using offline storage and update Offline Web Applications preference pane -- RESOLVED
1020539 about:networking hostname list not clearing after deleting history -- VERIFIED
1022444 Randomize MAC address when doing a Wi-Fi scan -- RESOLVED
1024017 Add ability to choose info shown in the desktop chat notifications -- RESOLVED
1025569 Notifications for requests from Offline Web Applications offer beyond-session options in Private Browsing mode -- RESOLVED
1025684 With mail.identity.default.autocompleteToMyDomain=true, edit an address after autocomplete and autocomplete reselects the first choice, even reverts to a different address (only for speedy corrections!) -- RESOLVED
1028733 Folder to which a file was saved in Private session, and used for opening in normal session -- NEW
1033374 impossible to copy-paste parts of a link without visiting it. text select opens link -- UNCONFIRMED
1033470 Add Tor panel in Firefox OS settings. -- RESOLVED
1033826 Randomize MAC address on ifup -- RESOLVED
1034842 Firefox should preload favicons for default protocol services it ships P3 REOPENED
1038296 Use of Places and related browsing-history mechanisms in Thunderbird [meta] -- NEW
1038448 Lockscreen should not show contents of notifications if I have a PIN setup -- RESOLVED
1039069 Warn the user that customizing the preferred language list (Accept-Language) can be used for fingerprinting P1 RESOLVED
1042880 Initiate geolocation request *before* user clicks "Share Location" button to reduce UI latency -- VERIFIED
1044073 No option to totally stop connections for add-on update compatability checks -- RESOLVED
1044559 Email reply sent to wrong recipients -- RESOLVED
1046207 Compose Message window ghost exposes contents of previous composition for a moment when starting a new message -- VERIFIED
1046768 Private Browsing Indicator Not Present In Title Bar When Firefox Launched With -private Switch -- RESOLVED
1047098 'Clear Recent History' with 'Cache' or 'Offline Website Data' doesn't clear QuotaManager storage and ServiceWorkers P1 VERIFIED
1048444 Search activity displays private browsing searches from browser P1 VERIFIED
1048513 location bar: In Private Browsing mode Firefox shouldn't save browser.fixup.domainwhitelist. entries -- VERIFIED
1049807 Firefox remembers full screen mode even when using private browsing -- RESOLVED
1049994 Privacy-Technical Review: Project Plan Coordinator for Grow Program -- RESOLVED
1051218 Downloaded file List in Private Mode are kept in Normal Mode -- RESOLVED
1054739 Reduce HTTP Accept-Language Entropy -- RESOLVED
1055414 Privacy-Technical Review: Project MozID: Brand Identity Evolution -- RESOLVED
1057675 [META] Privacy Control -- RESOLVED
1057676 [META] Adjustable location accuracy -- RESOLVED
1060152 [RPP] Detect if Password set -- RESOLVED
1060154 [RPP] Detecting, Setting and Storing the Password in the SettingsDB -- RESOLVED
1060156 [RPP] Reset Password flow -- RESOLVED
1060157 [RPP] Main panel -- RESOLVED
1060159 [RPP] Detect if the screen lock is on -- RESOLVED
1060160 [RPP] create an SMS listener -- RESOLVED
1060162 [RPP] parse the SMS -- RESOLVED
1060163 [RPP] check the activation password -- RESOLVED
1060164 [RPP] trigger the functions appropriately -- RESOLVED
1060166 [RPP] report the location back with SMS, trigger remote wipe -- RESOLVED
1060168 [RPP] remove the password from the DB -- RESOLVED
1060169 [PP] First Panel -- RESOLVED
1060170 [PP] Guided Tour Flow P5 RESOLVED
1060172 [PP] Dashboard -- RESOLVED
1060173 [PP] Initialize the settings -- RESOLVED
1060174 [SETTINGS] Launch the Privacy Panel from Settings App -- RESOLVED
1060177 [ALA] Grid Algorithm -- RESOLVED
1060178 [ALA] check the settings DB for the location precision -- RESOLVED
1060181 [ALA] Return the chosen LA -- RESOLVED
1060546 Awesome bar autocomplete suggestions should prefer HTTPS URLs P3 RESOLVED
1061807 [ALA][UI] Implementation of Panel 1 -- RESOLVED
1061814 [ALA][UI] Implementation of Panel 2 in appropriate context -- RESOLVED
1061815 [ALA][UI] Implementation of Panel 3 in appropriate context -- RESOLVED
1061835 [ALA][UI] Implementation of Panel #4 P4 RESOLVED
1061840 [ALA][UI] Implementation of Panel #5 -- RESOLVED
1062607 [PP] Place the app in dev_apps -- RESOLVED
1062876 The "stop sharing" option in the video sharing control in the URL bar has no effect in iframes -- VERIFIED
1062920 WorkerNavigator strings should honor general.*.override prefs -- VERIFIED
1062981 Navigating away from a page with camera sharing in an iframe leaves camera recording -- VERIFIED
1063610 [ALA] reading app exception list (from setting DB) P3 RESOLVED
1064184 Search suggestions from remote services should stop after the user has typed a URL scheme -- RESOLVED
1068008 [ALA] Geolocation toggle not connected to the settings -- RESOLVED
1068017 [PP][UI]CHange the color theme -- RESOLVED
1068023 [ALA][UI] Slider doesn't look as it should -- RESOLVED
1068029 [ALA][UI] Per-app settings are not independent P4 RESOLVED
1068031 [ALA][UI] Panel1 - clicking anywhere on the screen deactivates LB -- RESOLVED
1068035 [ALA][UI] Panel 5 - text under not chosen setting is gray -- RESOLVED
1068039 [ALA][UI] Panel 5 User input is buggy -- RESOLVED
1068043 [RPP] parse the SMS - changes -- RESOLVED
1068044 [ALA] Return the chosen LA -- RESOLVED
1068601 [PP] Remove GT from PP -- RESOLVED
1068683 [RPP] Reset Password flow should always be available -- RESOLVED
1069144 [ALA][UI] Fix back button of Panel 1 -- RESOLVED
1069296 [RPP] Change password for RPP always present -- RESOLVED
1069915 [PP] Land Privacy panel app in /dev_apps -- RESOLVED
1070251 Anonymization does not anonymize inProcessTabChildGlobal URLs -- RESOLVED
1071042 [PP] Verify the localization of PP -- RESOLVED
1074134 Remote content not blocked in attached messages (forward as attachment) if sender white-listed him/herself in the remote content exceptions (comment #21) -- NEW
1074150 Second instance of incognito mode remembers the log-in session -- RESOLVED
1074169 Private tabs should be hidden/closed when app is not in active state -- RESOLVED
1074793 Opened attachment in /tmp is world readable and visible to all users -- RESOLVED
1077874 Don't expose Firefox patch level (32.0.x) in Safe Browsing requests, only the major version (32.0) P5 RESOLVED
1077986 offline storage permission setting not working correctly -- RESOLVED
1080969 [PP] Add warnings to Privacy panel app to make sure users are aware of limitations of geolocation accuracy -- RESOLVED
1082787 Search bar should not send URL to Everything.me / marketplace. -- VERIFIED
1083776 Privacy panel guided tour content isn’t comprehensive of FxOS security/privacy features -- RESOLVED
1083789 SMS involves inherent security risks -- RESOLVED
1086319 Multiple private windows with individually encapsulated cookies -- RESOLVED
1088565 [META] Privacy Panel version 2.0 -- RESOLVED
1089473 Unable to "Forget about this site" or otherwise mitigate punctilious HSTS effect -- RESOLVED
1089711 Recipient autocomplete: after selecting result entry with [cursor down],[cursor right], confirming with TAB or ENTER cunningly selects the wrong recipient (1st result) -- RESOLVED
1090433 Possible to track users visits to servers with particular HSTS configurations P3 RESOLVED
1092445 Default reply comment header shows emails to those not logged for accounts without a "real name" -- NEW
1093183 New tabs tile for Wells Fargo Online undesirably shows bank username -- RESOLVED
1093688 [PP] Adjustable Location Accuracy - Exception not working P1 RESOLVED
1095967 Icon of web notification API bypasses CSP and it's request shares cookie between non-private mode and private mode -- NEW
1097134 Tiles create cookies against my explicit choice to not accept cookies -- RESOLVED
1101378 video self-image can be cropped, falsely making users think they're transmitting less video than they are P1 RESOLVED
1101528 Firefox uses the same TLS session ticket and/or ID between normal and private browsing -- RESOLVED
1102808 [meta] Clear Recent History / Forget button blind spots P3 NEW
1105280 "About Privacy Panel" screen text is cut off -- RESOLVED
1105304 [l10n] Privacy Panel: long string truncated, untranslated elements, strings reused -- RESOLVED
1106158 Showing random video memory when dragging compose window from normal dpi to Retina dpi display -- RESOLVED
1106228 Polaris is enabled on Beta after configuration change on Nightly -- RESOLVED
1108249 Copying into an email only part of a locally-stored HTML document (from Firefox) results in whole file being attached to the email -- RESOLVED
1108547 Private browsing mode context is broken by <a> or <form> with target attribute -- RESOLVED
1110507 self-image can be cropped by being out of scroll (firefox embedded client) P1 RESOLVED
1111725 UMS (USB) mounting after reboot even without unlocking -- RESOLVED
1111992 [Privacy] Enable privacy control will cause device to keep rebooting when using geolocation P1 RESOLVED
1112264 self-image can be cropped by being out of scroll (standalone client) P1 RESOLVED
1112727 make minimum size of socialAPI chat window overridable on a per URL-basis P1 RESOLVED
1113393 Implement robust prevention of partial display of local video P3 RESOLVED
1113431 <meta name="referrer"> is ignored for navigations from the context menu and via a middle-click -- RESOLVED
1114475 Implement configuration to send a minimal User-Agent header, or no header at all, in sent emails -- RESOLVED
1114476 [DT][Privacy]change Privacy Panel to a meaningful word -- RESOLVED
1115218 [Settings][Privacy Panel] Guided tour's Back and Next buttons respond when tapped while the pages are transitioning -- RESOLVED
1117814 Deleted email content shows up in sent message after Thunderbird crash -- RESOLVED
1118155 [DT][Privacy] The latitude and longitude are 0 when enable privacy control -- RESOLVED
1118475 301 redirect cache should be cleared when cookies are -- RESOLVED
1119778 Forget about this site does not clear HSTS setting -- VERIFIED
1120325 Intermittent rpp_main_test.js | remote privacy protection main panel "before each" hook -- RESOLVED
1120398 Security: Addons with no contentaccessible resources can be enumerated via differing error results P5 RESOLVED
1120577 [Privacy Panel] Changing passphrase and entering wrong SIM PIN does NOT warn user of number of tries left before SIM will be locked -- VERIFIED
1120726 [Privacy Panel][Remote Privacy Protection] RPP functions disable notifications on the lock screen without notifying the user. -- RESOLVED
1120733 [Privacy Panel] The Back arrow button disappears after doing some actions -- RESOLVED
1121152 [UX][PP] Guided Tour screen slide with sliding UI buttons looks -- RESOLVED
1121212 [Privacy Panel][Geolocation] User can turn off Geolocation after RPP Locate is enabled. -- RESOLVED
1121232 [Privacy Panel][Remote Privacy Protection] Closing Privacy Panel in the Task Manager prevents first received RPP feature from functioning. -- VERIFIED
1121250 [Privacy Panel][Remote Privacy Protection] RPP Locate function will not send any return message or lock the device if there is no WiFi or Data network connection -- RESOLVED
1121643 Add an option to only expose whitelisted system fonts to avoid fontlist fingerprinting (Tor 13313) P3 RESOLVED
1121789 [Privacy Panel][Location Accuracy] Custom Location is not working -- RESOLVED
1122298 Lockscreen will not show accurate time after receiving RPP Lock command. -- VERIFIED
1122688 [Privacy Panel][Transparency Control] EmergencyCall has a missing icon in the Application list under Transparency Control. -- VERIFIED
1124127 Round Off Navigator Battery Level on Linux -- RESOLVED
1124867 [Privacy Panel][Remote Privacy Protection] Lock screen improperly respects Screen Timeout settings following an RPP function -- RESOLVED
1125070 [RTL][Settings]The app icons in Location Accuracy list is not mirrored. P2 VERIFIED
1128236 When on some VPN software Implementations, STUN candidates will still include your real IP address -- RESOLVED
1128892 Random confidential messages attached to another message -- RESOLVED
1130858 Recipient autocomplete suggestion overrides ANY manual address input if quickly entered/pasted and confirmed with Enter/Tab before autocomplete suggestions disappear -- RESOLVED
1131474 Following HTML links on RSS preview should't sends feed URL as referer -- RESOLVED
1133413 passwords of all known wifi networks are dumped to logcat -- RESOLVED
1135120 Search bar sends data to search engines even when search suggestions are disabled -- RESOLVED
1135728 air.mozilla.org vid.ly videos fail to load with tracking protection enabled (g-a breakage) -- RESOLVED
1136163 Content can set location.href to about:reader? urls and check for items in the reading list -- RESOLVED
1137589 Clear history does not delete Windows 7 start menu jumplist -- RESOLVED
1138022 Add support for telemetry of sensitive data using RAPPOR -- RESOLVED
1138033 Stubborn recipient autocomplete silently swaps recipients: Cannot compose message to valid, normal, new email address (doe@asdf.com/admin@foo.co) if similar longer address already exists in AB (john.doe@asdf.com/admin@foo.com) P2 RESOLVED
1139540 [Privacy Panel][Remote Lock] Lockscreen becomes unresponsive after remote lock -- VERIFIED
1144233 Recipient autocomplete considers last mouse-hovered contact from results dropdown "selected" and then uses that upon blur (e.g. when moving to subject) -- RESOLVED
1144598 Sender's identity incorrectly preserved after "Edit as New" -- RESOLVED
1147634 Can't remove google.com cookie via Remove Cookie button -- RESOLVED
1148032 BroadcastChannel API bypasses private browsing mode -- RESOLVED
1148033 BroadcastChannel API bypasses Browser API sandbox on B2G -- RESOLVED
1151366 File disclosure via covertly imposed attachments in HTML emails -- RESOLVED
1152448 "Forget About This Site" does not forget site's enumerateDevices Ids P3 NEW
1152517 Recipient autocomplete wrongly considers last mouse-hovered contact from results dropdown "selected" and then uses that unintended, random recipient upon blur (via Tab, Enter, or when moving to subject or body) P1 RESOLVED
1153087 External Android apps can automatically launch from Private Browsing tab, dropping any pretense of privacy -- RESOLVED
1153672 Fingerprinting individuals via performance.now() -- RESOLVED
1156107 <meta name=referrer> doesn't work when a popup created via target=_blank on a javascript: URI is navigated by that javascript: URI P5 NEW
1157643 Stop sending the roomOwner or always send it as guest -- RESOLVED
1157645 Always send the room owner as "-" P3 RESOLVED
1162176 Stop sending full IndexedDB database names as part of SlowSQL telemetry -- RESOLVED
1162327 MozTemp is not deleted -- RESOLVED
1166316 Old MozTemp-*s are still not deleted in non-debug builds. -- RESOLVED
1167489 "Spy in the Sandbox" - Security issue related to High Resolution Time API -- RESOLVED
1167856 Client configuration leakage via JS/protocol checking -- NEW
1169940 Ask users to enable tracking protection when they enable DNT -- RESOLVED
1173147 Prompt the user when opening intent URIs in private browsing mode -- RESOLVED
1176874 Restore ability to disable Session Restore completely -- NEW
1178104 Propagate referrer policy throughout the UI: command-click and context menu open link in new tab/window (Port relevant bits from Bug 1113431) -- NEW
1178220 Disabling FHR/Telemetry when unified not honored -- RESOLVED
1178547 Addressee changes when clicking send -- RESOLVED
1180201 Pictures from the mail i replied to got replaced with other pictures from other mail in my mailbox. -- RESOLVED
1180633 Reply to all with me on Bcc of original message should warn that my identity will be exposed to the recipients -- NEW
1181992 Folders not deleted : .\AppData\Local - .\AppData\Roaming - .\Program Files(x86) -- RESOLVED
1182129 [PP] Back out privacy panel -- RESOLVED
1182546 Use channel->asyncOpen2 in parser/htmlparser/nsExpatDriver.cpp -- RESOLVED
1182805 saved-telemetry-pings directory still created with Telemetry disabled in Firefox beta 40 P3 RESOLVED
1183100 Using 200hz the Gyroscope can be used to emulate audio inputs -- RESOLVED
1185158 Every time browser starts, it loads homepage first, even if it wasn't opened in last session, and only after that browser loads all correct pages. -- RESOLVED
1186489 Clamp the resolution of performance.now() in workers too -- RESOLVED
1187504 Find a better way to handle user credentials in Bugzilla Auth Delegation flow P1 RESOLVED
1187519 Take Bug 1152517 "Recipient autocomplete wrongly considers last mouse-hovered contact ..." and Bug 1130858 "Recipient autocomplete suggestion overrides ANY manual address ..." into TB 38.x P1 RESOLVED
1192739 UX confusion when entering recipient addresses ("double focus"): TAB or ENTER unexpectedly uses last-hovered contact instead of typed recipient from input box -- RESOLVED
1197499 EU cookie law breach -- RESOLVED
1197791 Password logged to Error Console -- RESOLVED
1198418 [meta] Local authentication Touch ID / Passcode support -- RESOLVED
1199289 Malformed http-auth like URL may issue a web research. -- VERIFIED
1201349 Undesired / unexpected attachment automatically sent (twice) -- RESOLVED
1201782 Phenomenon of bug 766495 (wrong image), bug 799450 (text data for image), and bug 817245 (endless attaching) ... even when Compact doesn't change messageKey. Caused by Repair Folder making messageKey re-used in MessageCopyMove and changed messageKey -- RESOLVED
1201973 "Stop Sharing" in gUM in-use doorhanger doesn't revoke persistent permissions in different-domain iframe -- VERIFIED
1204309 It is not clear to me exactly what private information the Tiles feature leaks to Mozilla, and third parties (including intelligence agencies) -- RESOLVED
1206001 Forget About This Site doesn't clear third-party data -- RESOLVED
1206459 cannot uninstall a CustomizableUI widget? meaning forget its position (all traces basically) -- RESOLVED
1209252 about:webrtc should have a clear screen button P1 RESOLVED
1211348 Don't restore private tabs after killing the app if "Close Private tabs when leaving private browsing" is enabled P1 VERIFIED
1211669 The Clock is Still Ticking: Timing Attacks in the Modern Web P5 NEW
1212029 Attachments hosting domain may expose user identity through SNI -- RESOLVED
1212138 Information leakage using <img src> with news or nntp URI scheme -- RESOLVED
1213692 Request: A way for a website to delete history (auto private) -- RESOLVED
1216793 Subresources loaded via XHR or fetch() are not caught by TP -- RESOLVED
1221786 about:webrtc includes calls from private browsing mode even after last pb session is closed P1 RESOLVED
1223718 Tracking protection prevents loading tweets module onto a webpage -- RESOLVED
1225322 Add "Do not remember browsing history for this site" option in site identity panel -- REOPENED
1228117 Determine security policy for DTD loads P3 RESOLVED
1228833 How to reset geolocation for all sites at once after the removal of about:permissions -- RESOLVED
1230559 Firefox does not clear HSTS “cookies” when closed after a private session -- RESOLVED
1231203 investigate OCSP requests causing disk writes in private browsing mode P1 VERIFIED
1231808 Hide "Pause" button from infobar P1 RESOLVED
1233289 Focusing the searchbar shouldn't refetch suggestions P5 NEW
1233691 Redesign mediaDevices.enumerateDevices() API -- RESOLVED
1233846 WebSpeech Synthesis API mustn't allow fingerprinting P3 NEW
1233982 Entering URL into Address Bar Initiates Connection P1 RESOLVED
1235065 [privacy] URL bar search suggestions: UI fails to warn users about severe privacy implications P3 RESOLVED
1236155 Information leakage problem when using smtp + starttls -- RESOLVED
1236264 please allow to disable spyware functionality -- RESOLVED
1238018 Firefox allows sites to store data for offline use without prompting -- RESOLVED
1239706 [RIL][Privacy] Introduce a pref to disable PDU_PID_SHORT_MESSAGE_TYPE_0 handling for more privacy -- RESOLVED
1239897 Browsing history leakage by utilizing :visited pseudo together with complex SVG's. -- RESOLVED
1240288 Possible privacy issue with "Show my windows and tabs from last time" -- RESOLVED
1240564 Local Shared Objects (LSO's) are left intact on Permanent private browsing (Never remember history) mode -- RESOLVED
1242226 HPKP information from normal sessions is also used in private sessions P2 RESOLVED
1244340 Same cookie being used when using Awesomebar via different containers P1 RESOLVED
1244470 Pinned tabs lost when closing+opening window while private window is opened. -- RESOLVED
1245571 Access to the add-ons installed P1 RESOLVED
1245578 nsCookieService is not shutdown-safe P3 NEW
1246324 Carefully crafted spam forcing Thunderbird to display a remote/tracking image -- RESOLVED
1246387 Use https for stub installer requests P1 RESOLVED
1246491 Firefox 44 do not correct delete form search history on exit -- RESOLVED
1246933 Unwanted attachments (Part 1.2.2) are sent for gmx accounts -- RESOLVED
1249151 Ask every time cookies Disappeared -- VERIFIED
1251222 Hide context menu in private browsing tabs when in the app switcher -- VERIFIED
1251954 Thunderbird attaching files automatically -- RESOLVED
1252998 "Forget" button does not clear Service Workers or their caches. P1 RESOLVED
1253003 Clearing "Cached Web Content" does not clear Service Workers or their caches. -- RESOLVED
1253005 Clearing "Offline Web Content and User Data" does not clear Service Workers or their caches. -- RESOLVED
1253009 "Clear your recent history" does not clear Service Workers or their caches. -- RESOLVED
1253027 Setting Firefox to clear all history on exit does not clear Service Worker caches. -- RESOLVED
1253031 Impossible to clear data cached by Service Workers through any exposed UI. -- RESOLVED
1254146 Active logins are no longer cleared when using custom history settings even if clear active logins is selected. -- RESOLVED
1254666 "edit as new message" on a received message prefills the sender as the composing identity -- RESOLVED
1254688 Resource Timing API is storing resources sent by the previous page. -- RESOLVED
1254911 Consider to prevent location update from firing when the document isn't visible for desktop/mobile -- RESOLVED
1255270 Favicon request doesn't timeout, or close when related window is closed -- VERIFIED
1255923 ICE failure log sanitzation code has rotted P1 RESOLVED
1257219 Consider unselecting or blurring out URL from Private Tabs during iOS multitasking -- VERIFIED
1260360 Session Restore needs to honor "Clear history when Firefox closes -> Cookies" in a clean shut-down -- RESOLVED
1264708 Written URL is remembered in web address bar in Private Browsing mode -- VERIFIED
1265356 Downloads with blocked data should be deleted after some time P3 NEW
1269461 edit as new message option keeps email adresss of the sender -- RESOLVED
1269767 Push API detail remain after delete service worker registration -- RESOLVED
1270793 Can't delete passwords -- RESOLVED
1271249 Blob URL should not share across non-private and private windows -- RESOLVED
1272679 Clear Recent History, 1 hour, left accessed site in places.sqlite P1 RESOLVED
1276177 Security Disclosure: Malicious use of the phone's Gyroscope P4 NEW
1276746 Thunderbird composer new mail with previous used attachment in 45.1.0 -- RESOLVED
1278836 When using "Edit as New Message" the original "from" field is not replaced with my address, therefore I can send emails impersonating someone else. -- RESOLVED
1279208 Favicon request doesn't timeout, or close when related window is closed (1255270 is not fixed yet) -- VERIFIED
1279242 Logins are displayed in search results after they are all deleted -- RESOLVED
1279558 The BCC option is being ignored and mails are sent as To (only using the Outlook.com SMTP server) -- RESOLVED
1279720 Require "Search Google for <message text selection>" feature from message reader context menu to be opt-in (to avoid accidental privacy violations) -- UNCONFIRMED
1280294 Session Manager can sometimes store Firefox Accounts Password in plain text -- RESOLVED
1283067 Favicon request doesn't timeout or close when related window is closed (1255270 is not fixed yet) on Windows due to WindowsPreviewPreTab.jsm -- VERIFIED
1284468 edit as new message -- RESOLVED
1285003 Probe browser history via HSTS/301 redirect + CSP -- RESOLVED
1286202 Files are sent without having attached to mail -- RESOLVED
1286797 Latest Firefox on android doesnt clear history on exit when configures so -- RESOLVED
1287952 Feature rqst: Same behavior for third-party content as for cookies in Firefox -- UNCONFIRMED
1290481 Implement mitigations for opaque response storage in the DOM cache P2 RESOLVED
1290515 Clicking escape button on login window is allowing to access Thunderbird without the password. -- RESOLVED
1290732 Reader-mode leaks HTTPS URL through referer header -- RESOLVED
1292655 Limit BatteryManager chargingTime/dischargingTime precision -- RESOLVED
1293420 Should we disable mix-blend-mode because it can lead to a history leakage attack? P3 NEW
1294110 Awesome bar unexpectedly performs search when mouse cursor on a search engine icon when enter is pressed -- RESOLVED
1294438 Private browsing browser traces (android) in browser.db and wal file P1 RESOLVED
1298116 To enhance privacy, don't reveal screen dimensions or window position -- RESOLVED
1299454 Round Off Ambient Light Sensor event.value -- RESOLVED
1300054 tracking protection (strict list) blocks bing maps v8 -- RESOLVED
1301397 "Download Flash and Video" downloads in non-private window even when using it in a private window -- VERIFIED
1301965 Private browsing navigated page leaked to non-private browsing tab back/forward stack. -- RESOLVED
1302547 Allow users to fake WebPermissions -- RESOLVED
1302552 Google Analytics tracking addition on Add-ons page -- RESOLVED
1306050 History will not be deleted after FF is closed -- RESOLVED
1307183 Privacy Locationbar -- RESOLVED
1307739 Visual Studio 2015 C++ compiler inserts the telemetry code into binaries -- VERIFIED
1308767 non removal of account names and passwords when deleting an account -- RESOLVED
1310626 Don't make thumbnails of pages where the camera is in use P5 NEW
1313580 Remove web content access to Battery API -- VERIFIED
1314332 Block Web of TrusT (WOT) Add-on due to security and privacy issues -- RESOLVED
1314555 mcafee extension is active even if the user has disable/uninstall it, because McAfee is injecting into extensions.ini P3 RESOLVED
1315203 XSHM: Cross Site History Manipulation (information leakage) P3 NEW
1315524 Clear sessionStorage when clearing cookies on clean shutdown -- RESOLVED
1315662 deleting of SMTP-Account does not delete corresponding entry in password-manager -- RESOLVED
1318070 keyword.enabled is half-broken, it's half enabled even when it's set to false P1 RESOLVED
1318289 sessions are not cleared in the private window P1 RESOLVED
1320465 Favicon is added to bookmark in Private Browsing mode -- VERIFIED
1320481 thumbnails cache not cleared when "clear history when firefox closes" is set -- VERIFIED
1320894 CacheFileIOManager::WriteInternal writes uninitialised padding bytes to disk -- RESOLVED
1321219 Thunderbird ignores return receipt settings - always sends receipt -- RESOLVED
1323669 Hide URL from process list in GNU/Linux -- RESOLVED
1326041 asm.js fingerprinting in private mode -- RESOLVED
1327649 Urlbar suggestions don't show some history items (no way to get rid of autofill by deleting suggestions) P3 RESOLVED
1333186 Cannot deny camera/microphone sharing permissions individually P3 NEW
1334111 EME: PersistentState should be disabled in private browsing mode P3 RESOLVED
1334485 Tracking using intermediate CA caching P3 RESOLVED
1334587 Work container tab forgets GitHub login after relaunch P1 RESOLVED
1334776 Header name interning leaks across origins -- RESOLVED
1336017 Provide option to block remote content for individual message (after manual un-block) and/or automatically block again after a certain (configurable) amount of time or at the end of the session -- NEW
1339794 Cookies are not not cleared when exiting private browsing P1 VERIFIED
1351308 Downloads are not cleared on exit P5 VERIFIED
1354633 blank MediaError.message when resisting fingerprinting P2 RESOLVED
1357733 The `devicelight` event allows information leaks. P3 RESOLVED
1360294 Add ability for users to hide github link from their public profile -- RESOLVED
1360823 Do not show websites rated for adults -- RESOLVED
1372288 [meta] WebExtensions can be used as user fingerprint P3 NEW
1380537 about:addons (Get Add-ons) triggers Google Analytics tracking in discovery panel P2 RESOLVED
1380797 "Copy text to clipboard" in Troubleshooting Info does not honor "Include account names" checkbox -- RESOLVED
1382708 Unable to manually clear recently closed tabs P3 NEW
1383617 Simplify nsAddrDatabase.cpp by removing "deleted cards" table -- RESOLVED
1385727 In SeaMonkey selected text from unrelated message is quoted when right-click replying to another message, cunningly with correct attribution line -- NEW
1385883 Cannot delete history with IDN P1 RESOLVED
1386252 Privacy discussion of PB mode P5 RESOLVED
1387203 Thunderbird silently sent my private clipboard with email to a wide distribution list -- RESOLVED
1389635 Caching HTTP GET response even though Cache-Control settings include no-store -- RESOLVED
1391236 Unable to restrict saving entered keystrokes in the places.sqlite file's moz_inputhistory table (privacy issue) P3 NEW
1391989 dev tools sends cookies from not private session in private mode -- RESOLVED
1393012 Meeting accept sent from default mail account and not from the account the invite was sent to -- RESOLVED
1393387 Some registry folders, values and data are not deleted after uninstalling Firefox P5 NEW
1395819 Site can turn cam & hw light back on without permission after cam light goes out, if it keeps recording audio P2 VERIFIED
1396224 >500kb clipboard data (and text selection on Linux) is written to the filesystem, even in private mode P2 RESOLVED
1397509 Referrer policy bypass with srcdoc P3 RESOLVED
1398229 "Save Link As..." on a link that requires auth doesn't work the same in a container tab P1 RESOLVED
1398303 Local Storage not cleared by Clear Recent History -- VERIFIED
1398414 Key :visited per origin (first-party-isolation / partitioning for :visited). P3 NEW
1399780 Preloads ignore referrer polices P2 RESOLVED
1400582 Deleting all history still leaves some traces that can be used to precisely track individual users. P3 RESOLVED
1401359 Disable SharedWorker in contexts where storage is not available P2 RESOLVED
1401362 Consider disabling BroadcastChannel in contexts where storage is disabled P2 NEW
1404163 Mixed-content blocker should block <img crossorigin=> requests -- RESOLVED
1405971 Webextension UUID leak via Fetch requests P3 NEW
1406544 cookies sent along with query suggestions request. P3 RESOLVED
1406647 Please do not ship the Cliqz addon (well-known adware in Germany) as experiment -- RESOLVED
1406873 RSS feed message, keep the state of a message read even if we clean the navigation data when we close Firefox -- RESOLVED
1408867 Privacy Issue: preconnect bypasses remote content block -- RESOLVED
1409458 Privacy Issue: Replying to or forwarding an HTML e-mail with external content (e.g. images), may load this content without user notification. -- RESOLVED
1410106 fingerprinting users in private window using web-worker + indexedDB -- RESOLVED
1411708 TBE-01-012: RSS Local Path Leak via @-moz-document -- RESOLVED
1411713 TBE-01-013: RSS Local Path Leak via cid: Parsing Bug -- RESOLVED
1411719 privacy.resistFingerprinting leaking system time and date information -- RESOLVED
1411748 TBE-01-007: "Reload Page" dialog runs Javascript with external attachment because we only disable JavaScript for nsIMsgMessageUrls -- RESOLVED
1412081 (CVE-2017-16541) Proxy bypass caused by autofs on Mac, Linux P2 RESOLVED
1412107 <link rel=preconnect> appears to bypass content policies -- RESOLVED
1413868 proxy bypass on windows via smb P2 RESOLVED
1416344 network.http.referer.XOriginTrimmingPolicy to above 0 or network.http.referer.trimmingPolicy==2 crashes tabs -- RESOLVED
1418211 Video Download Helper downloads in Private Browsing getting shown after restarting firefox -- RESOLVED
1418931 QuotaManager in sanitize.js is not origin-aware P2 RESOLVED
1420653 DeviceId is persisted even if cookies are disabled, allowing persistent fingerprint P3 NEW
1421226 Private mode theme stays after leaving private mode P2 RESOLVED
1422482 OS username disclosure using downloads manager P3 NEW
1422860 Privacy Issue: Replying to or forwarding an HTML e-mail with external content (e.g. images), and clicking on it, may load this content without user notification - take 2 -- NEW
1423410 Swapping tabs exposes private browsing tab content -- RESOLVED
1425187 Don't allow shield studies/experiments without any explanation in description what they do and without related Mozilla bug URL with more detailed information -- NEW
1426702 rel=noreferrer is ignored in <a target="_blank"> leading to referer leakage -- RESOLVED
1427244 Enforce privacy settings on next startup, when previous application close was due to a crash P3 NEW
1428583 [privacy]Disable thumbnails if all open windows are in Private Browsing mode P2 RESOLVED
1431329 Omit Fennec Media playback Notification when viewed in private browsing mode P1 VERIFIED
1431634 Add option to remotely clear all browser data(on disconnecting device)when disconnecting a divice(other than current) using firefoxsync(accounts.firefox.com/settings) -- RESOLVED
1432846 Self-update service worker to stay alive P2 RESOLVED
1433637 Favicons are shown in Bookmarks Toolbar even if Firefox is configured not to show them -- RESOLVED
1436432 Currently viewed webpage (even in Private browsing!) is shared to other devices via IOS Handoff P1 VERIFIED
1437349 Detect if user install certain software with external protocol -- RESOLVED
1437871 Release and Beta share granted runtime permissions P5 RESOLVED
1442509 Encryption (S/MIME) does not prevent sending if all recipients do not have a certificate and account set to "required" -- RESOLVED
1448305 Private browsing mode leaks site visits via cached favicons P1 RESOLVED
1449225 Focus leaks history via cache entries unless manually erased by the user -- RESOLVED
1449920 Clear private data doesn't clear IndexedDB data -- RESOLVED
1454252 Please set beacon.enabled to false by default P2 RESOLVED
1455644 local file information leak on Mac using .DS_Store file -- RESOLVED
1455898 Complicated CSS effects and :visited selector leak browser history through paint timing P1 RESOLVED
1457032 Consider not activating Web Extensions on private windows -- RESOLVED
1458168 Mozilla can operate a DNS-over-HTTPS server -- RESOLVED
1462851 Art. 7 (1) + Art. 21 (5) GDPR: Please only load and run Analytics scripts if navigator.doNotTrack is not 1 -- RESOLVED
1464399 GDPR - Possibly illegal browser behaviour - Don't send any fingerprinting information to a website before receiving explicit user consent for this P2 RESOLVED
1465812 When user delete an url from the address bar with "delete" key, url in the addresse bar should change accordingly P2 RESOLVED
1468071 small followup to proxy bypass on windows via smb P3 RESOLVED
1468087 IP Leak even after disabling WebRTC -- RESOLVED
1468116 Icons from private browsing tabs on Fennec are stored in the disk cache P1 RESOLVED
1468968 Firefox retains favicons with their respective urls after supposedly clearing history P1 VERIFIED
1470174 "Clear private data on exit" does not delete icon cache (at cache/icons/) -- RESOLVED
1471755 Data leak: don't send HTTP-Referer without consent, have a UI switch for default referer policy -- RESOLVED
1472923 Detecting registered URI schemes leads to fingerprinting -- RESOLVED
1474445 Unable to use :visited in compliance with accessibility guidelines P3 RESOLVED
1483249 FireFox is storing sensitive data in the memory cache in an easily viewable format when Cache-Control headers set to no-cache P3 RESOLVED
1483377 Use static array for sWhitelist instead of StaticAutoPtr P2 RESOLVED
1484916 Firefox for iOS does not show an indicator for "passive" mixed-content P2 NEW
1489853 keyword.enabled not honored with trailing colon for about: P3 NEW
1493596 Screenshots of logged in pages show up on the New Tab page P3 REOPENED
1493795 Add a maintenance task to cleanup orphan origins left over by third party apps P3 RESOLVED
1496763 c-webrtc ALPN doesn't work P2 RESOLVED
1498584 Unable to delete several history items under some circumstances P1 VERIFIED
1502914 Clear private data is not working -- RESOLVED
1506993 apkpure -- RESOLVED
1512486 Firefox Library downloads view shows non-private downloads in a private window P2 RESOLVED
1517520 Links clicked in Browser Toolbox in private mode are opened in normal mode, leading to the urls and data being stored with them forever in chrome_debugger_profile. P3 NEW
1517714 SNI instead of ESNI (encrypted SNI) in response to HelloRetryRequest, TLS 1.3 P2 RESOLVED
1519881 Geolocation Permissions are applied in private browsing sessions -- RESOLVED
1521396 Paste event triggered on middle-clicking a link P1 RESOLVED
1524076 Pasted recipient email address a@b autocompletes to more popular primary email address c@d P2 RESOLVED
1525811 When keyword.enabled=false, do not provide search suggestions if no keyword is entered P3 RESOLVED
1526134 Firefox Focus (iOS): Recovery of previous searches across app closure/Browser Clear -- RESOLVED
1526387 CFR Addon Recommendations call remote AMO API before clicking "Install" P1 VERIFIED
1528335 `InstallTrigger` and `mozAddonManager` leaking cookies in private browsing mode P1 VERIFIED
1530132 Whitelisted site allows all cookies requested by site to be saved when blocking all cookies -- RESOLVED
1534581 Exposed chrome:// resources allow browser version, OS, and locale detection P3 UNCONFIRMED
1535004 Some data not successfully deleted after Firefox closes if modified with CCleaner -- RESOLVED
1535235 Plaintext OCSP can leak server identity, even with ECH P5 RESOLVED
1535950 On Linux the download URI is saved to GVFS/GIO metadata even in private browsing P2 RESOLVED
1536382 Implement requestPermission() for DeviceOrientationEvent and DeviceMotionEvent P3 NEW
1541399 Combined address bar continues to treat the address as search string after entering file: P1 VERIFIED
1541450 "Forget about this site" should clear site certificate exceptions P2 RESOLVED
1543897 Session Restore just restored a private window P3 NEW
1544233 With DNS-over-HTTPS/TLS moving towards release and plans of being enabled by default, we should enable support for reading a user's hosts file P2 RESOLVED
1545605 Forget about this site should not leave footprint on disk -- RESOLVED
1546295 Forget about this site does not delete notification data P3 NEW
1546296 Forget about this site does not delete service workers P1 RESOLVED
1546969 Privacy leak in private browsing mode via downloading data P3 NEW
1549349 communicate suggest_url https requirement change to developers P1 RESOLVED
1549394 Potential privacy leak from Win10 keyboard autocomplete of data entered in Private Browsing P3 RESOLVED
1551095 Closed tabs reappear when killing Firefox P2 RESOLVED
1552638 Search engines suggestions shouldn't have shown in Navigation URL Bar, when Search Bar is separated in Address Bar -- RESOLVED
1553003 Tracking and History Exfiltration with Alt-Svc on Firefox P2 RESOLVED
1557015 Firefox focus — old search terms pop up after they are erased and app closed -- RESOLVED
1557831 downloads that show a save dialog do not respect browser.download.manager.addToRecentDocs=false P3 RESOLVED
1562279 Sometimes logging/signing data from Non-Private Window is preserved in new Private Window -- VERIFIED
1562896 Accept event invitation: Reply wrongly sent from and confirmed for email associated with accepting calendar or TB default account instead of recipient/attendee email address (privacy leak!) P2 RESOLVED
1563841 Impossible to clean last used bookmark folder in New Bookmark/Bookmarks/StarUI window -- RESOLVED
1564096 reduce privacy implications of current IMAP/SMTP clientID implementation -- RESOLVED
1564451 Camera remains active when the app is in background or the phone is locked P1 RESOLVED
1564588 Deep-linking to attacker-created rooms on already-trusted WebRTC sites may give unprompted camera/mic access P2 VERIFIED
1565374 Fingerprinting resistance against getUserMedia constraints doesn't work -- RESOLVED
1568640 Disable FTP on Android -- RESOLVED
1568911 2kb of cache returns after deleting from about:preferences#privacy -> Cookies -> Clear data... P3 NEW
1579123 No warning when removing account files fails -- NEW
1588439 Mailing lists should default to BCC -- RESOLVED
1589074 Set referrer policy default to strict-origin-when-cross-origin P2 RESOLVED
1590636 The manual config for setting up a new account has moved !! -- RESOLVED
1591175 With keyword.enabled set to false specific strings in the address bar are still sent to a search provider P2 RESOLVED
1594372 account setup should not send email address as parameter when over plain http -- NEW
1601408 Enable security.mixed_content.upgrade_display_content (Upgrade all mixed content to https) P3 RESOLVED
1602844 FxA ID is unhashed in telemetry on iOS P1 RESOLVED
1604785 Exclude browser.fixup.domainwhitelist.* prefs from about:support P2 RESOLVED
1605229 use Bing InPrivate search in Firefox's Private mode when Bing is set as default search engine P5 UNCONFIRMED
1608359 Don't open TopSites on focus if top sites are hidden in the new tab page P2 VERIFIED
1613157 Firefox cross-domain referer leakage with Referrer-Policy set to same-origin for media resource P3 RESOLVED
1614315 Accept invitation: Reply sent from default account instead of recipient/attendee account -- RESOLVED
1618896 Consider gathering telemetry like HTTP_PAGELOAD_IS_SSL separately only for the address bar P4 RESOLVED
1623256 Page steals focus from doorhanger while editing details of a newly saved password P2 NEW
1627499 Showing top site items/Recently visited items in Private Mode is inconsistent in Address Bar P2 RESOLVED
1630410 Default Browser Agent has spyware behaviour -- RESOLVED
1634952 Firefox Focus on Android: Clearing browsing data stops working from notification -- RESOLVED
1639597 Persistent Private mode is not kept after Restart to update intervention is selected. P3 NEW
1642623 User's search term is accidentally sent to ISP without user's consent. P3 NEW
1642747 It's possible to screen-capture the next tab after tab close P2 VERIFIED
1642943 Introduce a pref controlling post-facto dns resolution of single word hosts P2 RESOLVED
1646262 exclude IP address from sent mail -- RESOLVED
1646756 Private window in firefox for iOS persists IndexedDB after closing all the tabs -- RESOLVED
1646875 Cleanup cmd_toggleReturnReceipt (Bug 1644345 followup) and stop discarding identity changes without asking (incl. Return Receipt) -- ASSIGNED
1650511 URL remains in places.sqlite after deleting from bookmark (corrupt moz_origins) P3 ASSIGNED
1656312 Console command history from Private Browsing session is not cleared P3 RESOLVED
1657251 Favicon request in Fenix sends cookie and shares the value with private browsing mode -- RESOLVED
1658881 [VG-VD-20-115] Leaking External URL protocol handler presence through image tags -- VERIFIED
1663062 Confusing UI state with recipient pills and contacts side bar entries or attachments both showing active blue selection, causing privacy-violation of bug 1691842 (unintentional dual-drag messes up recipients) P1 RESOLVED
1663987 Site Isolation enables timing attacks against partitioning across simultaneously open tabs -- NEW
1666105 No visual indication for recipient pills of whether a typed address is in the Address Book -- RESOLVED
1666655 URLs for most sites that are visited are logged to logcat P1 RESOLVED
1670058 Support GPC / globalprivacycontrol.org Signal -- RESOLVED
1670078 Add Support for BIMI (Brand Indicators for Message Identification) -- NEW
1678545 Full referrer URL exposed even from websites using strict referrer policies (e.g. "no-referrer" or "strict-origin-when-cross-origin") P2 RESOLVED
1679518 Pasting an image from browser into composition silently defaults to linking and *not* attaching the inline image to the message P2 NEW
1685508 Delete browsing data on quit not working. -- RESOLVED
1691298 Private browser collects and retains searches. -- RESOLVED
1691842 Dragging addresses from contact sidebar to a closed addressing label also moves selected pills P1 RESOLVED
1693865 Firefox Focus on android password protection can bypass so easy -- RESOLVED
1696632 User tracking (privacy violation) via cached HTTP 301 permanent redirects P3 UNCONFIRMED
1700037 DNS.jsm/account setup should respect network.proxy.socks_remote_dns -- NEW
1700465 saving har logs for tech support may expose your credentials and user is not warned about it P3 NEW
1701313 Send button still remains disabled in spite of valid, non-pillified recipient address(es) for many text input methods. Should also prevent sending to autocomplete artifact "x >> max"@bar.com (privacy bug 632127) -- RESOLVED
1704110 Browser Tracking through Preflight Cache -- RESOLVED
1704390 Adding or removing an address from a mailing list does not update the list pill in the recipient area of the compose window -- RESOLVED
1705068 Private Browsing not respected for search suggestions -- VERIFIED
1707801 Implement aggressive enforcement option for limit of non-BCC Recipients (public bulk mail prevention) P3 RESOLVED
1708766 login form info saved despite all login info save options disabled -- RESOLVED
1709560 Explore not showing *inline* autocomplete suggestions when a full new email address *@* is entered (prevent error-prone, unwanted autocompletion) -- NEW
1709799 Recipient autocomplete stubbornly prefers primary email address even if search word (typed fast or pasted) matches only the additional address on a card P3 RESOLVED
1711084 Scheme flooding technique for reliable cross-browser fingerprinting P2 NEW
1714185 navigator.oscpu returns "Linux x86_64" even if privacy.resistFingerprinting is enabled -- RESOLVED
1714519 After collapsing and re-expanding composition's attachment pane with several attachments, vertical pane size reduced to 1 line, no scrollbar P3 RESOLVED
1714941 Old history not displayed in "Older than 6 months" library view P3 RESOLVED
1716174 Thunderbird should not include User Agent string with sender's OS and mail client details in every outgoing message (privacy concern) -- RESOLVED
1721904 Page thumbnails from private mode tabs are kept in the cache after a crash P2 RESOLVED
1723281 Fast query of registered URL schemes through XMLHttpRequest for system fingerprinting P2 RESOLVED
1724080 TCP connection made over port 80 with HTTPS only enabled P2 RESOLVED
1729774 Traffic analysis vulnerability of Firefox DNS over HTTPS Implementation P2 RESOLVED
1730194 Prevent Copy button to send information to Cloud Clipboard and Clipboard History on Windows P1 VERIFIED
1730434 FIDO2/WebAuthn privacy leak through a timing attack using silent authentications. P1 RESOLVED
1730797 Using capped, unpartitioned thread-pools for cross-site and / or cross-profile communication P3 NEW
1731713 [meta] Total Cookie Protection Rollout P1 RESOLVED
1732553 Dragging unselected contact B from the new Address Book drops selected contact A instead (mail.addr_book.useNewAddressBook=true) P2 RESOLVED
1733033 Bookmarked link shows as "visited" even after browsing data was cleared -- RESOLVED
1733912 "Do not send a response" does send response on invitations after selecting Gmail online calendar from `Select Calendar` prompt (vs. local calendar with same email) -- NEW
1735212 Support GPC on workers -- RESOLVED
1741519 RFE: confidentiality classification (msip_labels) -- UNCONFIRMED
1742694 dom.push.userAgentID is displayed on about:support: Is this safe or does it allow stealing private push notifications of other people when about:support is publicly shared? -- RESOLVED
1742707 Default button on dialog widget triggers even when modifier keys are used, but should react to plain `Enter` keypress only P3 NEW
1742946 Catch-all identity/email address leaks into guest list when accepting invitation - should honor catch-all and use the invited email address P2 NEW
1743305 Pure CSS browser fingerprinting and cross-origin CSS 'supercookie'. -- UNCONFIRMED
1745180 DNS Prefetch security issue: Information leak -- bug reintroduced -- RESOLVED
1745593 Twitch audio briefly plays on browser start when the site is pinned in about:home P3 REOPENED
1748503 Detecting whether a URL is blocked (by Tracking Protection or an extension) or not through importScripts P3 VERIFIED
1749126 Jpg not erased in %tmp% P2 RESOLVED
1749129 Side-channel attack can deanonymize users (potential risk to journalists and activists) P5 NEW
1750981 In the Firefox mobile share menu, allow me to hide / remove apps -- RESOLVED
1751114 Firefox for iOS shows previously closed private tabs for a fraction of a second when opening new private browsing tabs P4 RESOLVED
1751678 Detecting cross-origin redirects using the performance API P3 VERIFIED
1752396 Temporary file creation moved from /tmp/mozilla_${USER}0 to /tmp. Potential security risk -- VERIFIED
1753242 thunderbird 91.5.0 writes attachments to /tmp readable to everyone -- VERIFIED
1754171 Resource Timing values leak opaque response redirect status P3 RESOLVED
1758660 Received mail reveals default identity/mail-address -- UNCONFIRMED
1760674 Utilizing CSS variables caused a browser behavior that leaks the information on visited links -- VERIFIED
1763950 EXIF metadata not stripped from JPG group -- RESOLVED
1768639 Bookmarks sidebar folder opening state is shared/stored from private windows (persisted after Firefox restart) P5 NEW
1774115 Ctrl+Shift+T brings up deleted history -- RESOLVED
1774739 Change string for Total Cookie Protection in ETP Standard Mode under Preferences -- VERIFIED
1774955 Can't delete urlbar search result any more since Firefox 55 P5 RESOLVED
1780842 screen recording disabled in incognito mode, still leaking sensitive information in the address bar. P3 RESOLVED
1787034 The notification permission granted in normal browsing mode also applies to private browsing P2 VERIFIED
1791611 Allow specifying an address type (Bcc) for a mailing list -- RESOLVED
1791659 Implement `Enforce Bcc` checkbox with strict behavior for mailing lists -- NEW
1792537 Search in address bar cannot be fully disabled P3 RESOLVED
1793615 `Copy` context menu of a link in PDF viewer is enabled without text selected and does nothing, like `Paste`. `Copy link` is missing. -- NEW
1794508 `GetStorageAccess() == ePrivateBrowsing` in ServiceWorkersEnabled() does not always detect private browsing mode P1 VERIFIED
1795118 mail.compose.warn_public_recipients fails for nested mailing lists -- NEW
1796970 Private download progress is shown on the non-private Windows taskbar icon P5 RESOLVED
1797061 Implement `Write > To | Cc | Bcc` submenu for selected mailing list or multiple selection in address book -- NEW
1799356 Adding a contact's secondary email address to a Mailing List adds the primary/default email address instead -- NEW
1801134 Curious websites can obtain a (cryptographically) unique identifier about the used Android device. P3 RESOLVED
1807753 URLs entered in the address bar are leaked to search providers -- NEW
1810358 Android Mozilla Screenshot Prevention Bug P5 NEW
1813375 Session cookies are not removed on session end; session restore resurrects them -- RESOLVED
1819788 When replying to one of several emails from the same sender, it links to the first email in the series, not the intended specific email. -- RESOLVED
1821112 QuickSuggest may be bypassing maxRichResults? P3 VERIFIED
1826842 Visiting discord.gg invite link bypasses private browsing due to its local server P3 NEW
1827837 Some entries may persist as tags when the original bookmark was removed P2 NEW
1828374 miss matching cache in Firefox could be result in network traffic hijacking or information leaking P3 UNCONFIRMED
1830070 about:blank doesn't properly resist fingerprinting. -- RESOLVED
1831879 The "Save image" and "Download link" context menu items do not have a download confirmation prompt like other browsers, making it possible to leak private tabs by accident -- NEW
1839046 Link preview in iOS cannot be disabled -- UNCONFIRMED
1839230 Firefox 114 "Clear History" does not clear download history P3 NEW
1839464 "Block all cookies" bypass for localstorage using about:blank iframe, plus document.cookie weirdness P2 VERIFIED
1839479 Permissions preserved between Private Browsing sessions (e.g. HTTPS-only mode exceptions) P3 NEW
1840265 Malicious WebExtention can leak history using captureVisibleTab and <all_urls> -- RESOLVED
1841429 Firefox 115 Bookmark Toolbar - Firefox connects(preload) with a right click to web page P3 NEW
1842030 After closing the last Private Window, context is not always reset/cleared... P2 RESOLVED
1843046 push notifications saved to disk in Private Browsing mode (Toggle off push notifications in Private Browsing mode) P2 VERIFIED
1844771 'Remove from History' menu item/command doesn't work on Adaptive History results P2 RESOLVED
1849186 Browsing history leaked to syslogs via GNOME P1 RESOLVED
1852277 Audit Web APIs for Hardware Acceleration -- NEW
1853005 Malicious File Downloads via detecting header differences between the <embed> Tag and "save video" context menu item P3 NEW
1862616 Additional text can be inserted in the clipboard result link P3 VERIFIED
1868814 Pressing ⌘Return in the address bar doesn't open a new tab in the current container P3 NEW
1872360 Deleted email metadata remains in msf files -- NEW
1872607 keyword.enabled suggests to execute a search if the typed string ends with * P3 NEW
1875313 Spoof English is ignored in number validation P3 RESOLVED
1880634 MozTogglePictureInPicture event is visible to web content P3 NEW
1880988 The default summary for details doesn't honor spoof English P2 RESOLVED
1883633 Store the exposable (non-uripass) URI in the database for history and favicons -- NEW
1884361 No clearing of cookies on the site mail.ru -- UNCONFIRMED
1886687 Timezone leak through document.lastModified when using RFP -- RESOLVED
1890906 pwa permission leak in private mode -- NEW
1890914 pwa cookies, account history leak from private mode P5 NEW
1892524 Mv3 add-on's request to always access a site is persisted even if requested wrt a site in Private Browsing P3 NEW
1892638 Vulnerability - a website could detect opening the browser devtools with 100% accuracy due to a bug in previewers.js P3 NEW
1896244 When "Open new tab" or "Open new window" is executed from taskbutton of browser window, tabs of last closed normal window are unexpectedly restored. P2 ASSIGNED
1898608 sanitize/clean recipients: option to automatically remove display names from addresses before sending mail -- UNCONFIRMED
1902885 Unable to actually delete search history item of Search bar using DEL key P2 NEW

1473 Total; 210 Open (14.26%); 1047 Resolved (71.08%); 216 Verified (14.66%);