Firefox is a popular web browser and one of the most popular browsers in the world. It’s also one of the most used browsers on the planet. Firefox is a great browser and it’s easy to use, but there are some things you can do to make your life easier when browsing the web. One thing you can do is to hack Firefox profile data storage. One way to hack Firefox profile data storage is to use a exploit that was developed by researchers at Mozilla. This exploit allows you to access information stored in Firefox profiles, including user preferences, passwords, and other important information. This exploit was developed in collaboration with researchers at Google Project Zero and other security experts. If you’re interested in using this exploit, you can find it here. You can also find more information about how to use Mozilla’s exploit here.
Have you ever wondered where Firefox keeps all of the history it has remembered from your previous browsing sessions… not just URL’s but saved password, form data and certain preference values? The answer, quite simply, is inside of SQLite databases in your Firefox profile folder.
Using an open source program, SQLite Database Browser, you can not only see the structure of the individual databases but browse and, if you are so inclined, manipulate all the data in each of the tables. While this article focuses on Windows, the same basic information should apply to Linux and Mac users as well.
Viewing the Firefox Profile Data
Before getting started, make sure Firefox is closed so there are no problems with locks on any of these files.
Open SQLite Database Browser, click the open icon and navigate to your Firefox Profile. In Windows 7, the location is here:
An interesting database we will take a look at is “formhistory.sqlite”.
The reason this particular database is interesting is because it stores values you enter into form input fields such as your address, email and phone number (if you have Firefox set to keep this information).
As you can see when you open this file and browse the “moz_formhistory” table, there are loads of entries which give you a bit of insight into how this feature works. Essentially the name of the HTML field where you entered the data is stored in the “fieldname” column and the respective value in the “value” column.
Because field names such as “Email” and “Subject” are very common and likely to be across multiple sites, you may see several entries for the same “fieldname” value with different “value” values. This also explains why you can see values you entered on one site when you are filling out a form on a completely different site.
However, this information can be sensitive. For example, if I search for my credit card number (by pattern) I can find the plain text entry in this database.
If you find entries like this you want to get rid of, simply locate the respective “id” value in the Browse Data tab and click the Delete Record button, save your changes and it is gone.
This can be useful for not only clearing sensitive data, but also entries such as old email addresses or phone numbers without having to clear out all of your history.
Other Profile Databases
While there are several more SQLite databases you can take a look at (all having the .sqlite file extension), below are some which may be of interest. You can open these using the SQLite Database Browser exactly as shown above.
addons. sqlite = Installation information on installed add-ons. This is most likely used for keeping your installed add-ons current. content-prefs. sqlite = Stores information specific to web sites and your settings. For example, the last used location on your computer to upload a file. downloads. sqlite = Information about items which appear in your download items list. extensions. sqlite = Information about installed add-ons. There is nothing too insightful here, but if you are looking for intricate details about an add-on, the information here may be helpful. formhistory. sqlite = (covered in detail above) All non-password data which has been saved in Firefox. signons. sqlite = Saved login password information. The passwords are encrypted against your master password but you can view the number of times each one has been used.
Take a look and if you find something interesting, please share.
Download SQLite Database Browser