Cookies not listed in Firefox Settings but visible to CCleaner
I see several cookies in the CCleaner cookies window that I can't find anywhere else. These cookies do not appear in the cookies list under Firefox Settings, and Firefox is the only browser I use.
Some examples are connect.facebook.net, cdnjs.cloudflare.com, and login.wikimedia.org, and these cookies keep coming back after cleaning them up even though I haven't visited those sites and have 3rd-party cookies blocked in Firefox except from visited sites. Notice in the attached image that these cookies are listed in CCleaner, but they aren't listed in Firefox Settings.
Can anyone tell me where these cookies are stored and why I can't see them in Firefox Settings?
All Replies (20)
CCleaner uses different methods than what FF does. You don't have to go to those sites to get a cookie; if there are sites that you visit that have them as links, it will still register a cookie for them. If you're concerned, you should really contact those sites about their cookies and privacy.
WestEnd wrote:
> You don't have to go to those sites to get a cookie; if there are sites that you visit that have them as links, it will still register a cookie for them.
If I'm blocking 3rd party cookies in Firefox, then how can another site "still register a cookie for them," as you said?
My question wasn't how I'm getting these cookies, though. It was where the cookies are stored. FF Settings doesn't show these cookies, but if CCleaner can see them, then they exist. And if they exist, they came through FF, since FF is the only browser I use. So again: Where does FF store these cookies, and why can't I see them in FF Settings?
After you clean those cookies, could you test starting Firefox in its Safe Mode and see whether there is any difference? In its Safe Mode, Firefox temporarily deactivates extensions and certain optional configuration files, so you could rule those out as the source of the unexpected cookies.
If Firefox is not running: Hold down the Shift key when starting Firefox.
If Firefox is running: You can restart Firefox in Safe Mode using either:
- "3-bar" menu button > "?" button > Restart with Add-ons Disabled
- Help menu > Restart with Add-ons Disabled
and OK the restart.
Both scenarios: A small dialog should appear. Click "Start in Safe Mode" (not Refresh).
Any difference?
Also, check out this article on sites/services Firefox may connect to without your specific request in the current session. I can't imagine Wikipedia would be in there, but I can imagine CloudFlare -- used by many sites for traffic management -- might.
Our posts crossed.
Jon9 said
My question wasn't how I'm getting these cookies, though. It was where the cookies are stored.
I don't know if there is a way to view cookies other than "web content" cookies in Firefox's dialogs. For example, it's common to get a Google cookie when Firefox updates the files used for the SafeBrowsing (malware and phishing site block). This cookie is kept in a separate context from your Google web content cookies and is not visible in the regular cookie dialogs.
Some cookies are used internally and CCleaner might be detecting them.
Note that Cloudflare is a CDN network that might be used to retrieve some data. In such a case cookies might be involved.
cor-el said
Note that Cloudflare is a CDN network that might be used to retrieve some data.
I have no idea what this means.
jscher2000 said
After you clean those cookies, could you test starting Firefox in its Safe Mode and see whether there is any difference?
Thank you for the helpful response.
In Safe Mode, the semi-invisible cookies still appear. I've found that I can trigger the Facebook-related cookies to appear by doing this:
1) Start Firefox (regular or Safe Mode)
2) Visit fb.com, wait a few seconds but don't log in
3) Quit Firefox
4) Restart Firefox (regular or Safe Mode) to a blank page
5) Under Firefox Tools>Options>Privacy>Show Cookies, there will be a few cookies under facebook.com. Delete them.
6) Now look in CCleaner Options>Cookies. In addition to a few mozilla.org cookies, there will still be these cookies, none of which appears in the Firefox Options Cookies list:
I should note that many of these semi-invisible cookies related to Facebook (and some other sites) appear even if I never visit facebook.com, and even if I have Firefox options set to accept 3rd-party cookies only from visited sites.
Can you explain why these cookies are being accepted, where they are being stored, why Firefox Options cannot see them, and why letting Firefox clear its cookies doesn't get rid of them?
Hmm, why...
The connect.facebook.net domain is used for the Like button or other integrations with non-FB sites. I don't use Facebook heavily enough to know why there are so many other domains.
Can you associate the appearance of these cookies with loading history tiles ("TOP SITES") on the new tab page or built-in home page? If a thumbnail image could not be generated on a previous visit, Firefox may reconnect to the site in the background to try to create one. It would make sense that those cookies are isolated from your web content cookies, but I don't know why they would need to be retained after you shut down Firefox.
jscher2000 said
Can you associate the appearance of these cookies with loading history tiles ("TOP SITES") on the new tab page or built-in home page?
Nope. My new-tab page is about:blank. Furthermore, I don't have any bookmarks for any Facebook sites, and Facebook isn't in my browser history (because I rarely visit it, and because both Firefox and CCleaner delete my history).
Here is some new, disturbing information: I just tried running CCleaner and then visiting fb.com in a Private Browser window, then quitting Firefox. The same www.facebook.com cookie appears now in the CCleaner list (but not in the Firefox list), although none of the other FB-related cookies appear. This is especially disturbing, because it violates Mozilla's assurance that "Private Browsing allows you to browse the Internet without saving any information about which sites and pages you’ve visited." If that were true, then there shouldn't be a facebook.com cookie visible in CCleaner after I visit facebook.com in a Private Browsing window.
Particularly given Facebook's recent privacy challenges, this is a really big deal. Does anybody at Mozilla know anything about this hole?
This is worse than I thought. I may have identified a security flaw in Firefox ESR 52.7.3 (64-bit).
Can someone please verify this and help me report it?
0) Configure Firefox with strict "Do Not Track" protection (Tools>Options>Tracking>Change Block List>Strict) and with clear-cookies-upon-exit (Tools>Options>Privacy>History>Settings). Quit Firefox.
1) Run CCleaner>Clean, and confirm that no cookies are listed in CCleaner>Options>Privacy>Cookies.
2) Quit CCleaner.
3) Right-click the Firefox icon and launch Firefox in New private window mode.
4) Visit fb.com and wait for it to finish loading completely. Don't bother logging in.
5) Quit Firefox.
6) Restart CCleaner>Options>Cookies and observe that there's a new cookie from www.facebook.com.
7) Restart Firefox and observe that there's NO facebook.com cookie listed there (Tools>Options>Privacy>Show Cookies).
So visiting facebook.com from a Private Browser window DOES leave a history trace on the computer, which can be seen in CCleaner and which cannot be seen or erased in Firefox. Worse, that cookie may or may not contain personally identifiable information for whoever may have logged in during the Private Browser session. (I don't know how to examine the cookie, because I don't know where it's being stored. I would love to know that, though!)
This should not happen.
Before you updated your reply, I composed this. I can't do the full test at the moment:
What's mysterious to me is where CCleaner is finding cookies. Firefox stores cookies in cookies.sqlite (not in private windows) and in session history files for session cookies of recently opened/closed tabs/windows (again, not applicable to private windows).
If you want to see what is in cookies.sqlite, you could:
Open your current Firefox settings (AKA Firefox profile) folder using either
- "3-bar" menu button > "?" Help > Troubleshooting Information
- (menu bar) Help > Troubleshooting Information
- type or paste about:support in the address bar and press Enter
In the first table on the page, on the Profile Folder row, click the "Open Folder" button (old versions: "Show Folder"). This should launch a new window listing various files and folders in Windows Explorer.
In a Firefox tab or in Chrome, possibly in Edge, I haven't tested, open:
http://inloop.github.io/sqlite-viewer/
Drag and drop the cookies.sqlite file onto the box to trigger the page to dump out its contents. To make the results a little easier to read, you can paste this query and execute it:
SELECT baseDomain, name, value, datetime(expiry, "unixepoch") AS expires FROM 'moz_cookies' ORDER BY baseDomain, name
Are the mystery cookies listed in there?
jscher2000 said
Are the mystery cookies listed in there?
No, they are not. I can see all of the cookies that Firefox Options sees. I do not see the facebook.com cookie or any of the other semi-invisible cookies that I have collected in the past 30 minutes that I can see in CCleaner, including the cloudflare.com and google-analytics.com cookies.
You can also check the storage folder and the webappsstore.sqlite file in the profile folder in case CCleaner considers that as a cookie. There may also be thumbnails present in the thumbnails folder in the cache location. See about:profiles for both locations used for the profile folder.
cor-el said
You can also check the storage folder and the webappsstore.sqlite file in the profile folder in case CCleaner considers that as a cookie. There may also be thumbnails present in the thumbnails folder in the cache location.
Checked storage and webappstore. Nothing there related to the Facebook or Cloud Flare cookies. (I couldn't find the thumbnails folder.)
Regardless of where it's being stored, aren't you alarmed that there are traces of a Private Browsing session showing up anywhere?
As long as this item isn't identified and we haven't checked what it is about, it is hard to tell what is going on. Maybe you should contact CCleaner and ask them how to get more detail about a specific item (location and content).
cor-el said
Maybe you should contact CCleaner and ask them how to get more detail about a specific item (location and content).
I've posted the question to the CCleaner Support Forum, and I have also opened a support ticket asking that question. I'll post the response I receive here.
Jon9 is basically speaking of what I posted about.
By Manually deleting the "Cookies", "Cache", "History" in the "Privacy & Security", & by setting "Do Not Track" in that tab, .....
Once being off the Internet, & then at the Desktop using Software such as Piriform's CCleaner, ... Folders for Firefox are still showing that what was done Manually, ... Did not happen.
I also am believing that this is a Flaw in this version of Firefox.
And, upon making the Above Post, exactly like I said before,.... The Time Stamp here in this Forum is 10:35 A.M., where in Physical Reality, My Time is 1:36 PM, & YES, I am "logged in".
Okay, I found some new information.
CCleaner searches a file called SiteSecurityServiceState.txt that stores "HTTP Strict Transport Security" (HSTS) settings for individual sites. HSTS is a feature where Firefox remembers a server's previous instruction to only access the site using HTTPS. When Firefox encounters an HTTP address for the site, it requests it on HTTPS instead. A tracking script can potentially generate a lot of requests to different sites and observe when Firefox uses HTTP and when it uses HTTPS, combine that information, and use it as a kind of fingerprint. Some people have called it an HSTS supercookie.
There have been "proof of concept" sites over the years, but until recently, it was not considered to be in actual use. Just recently, "Webkit," which is the foundation of Safari, issued an article indicating it was discovered in the wild, and what was changed to block it: Protecting Against HSTS Abuse.
The Webkit approach has been submitted to Mozilla developers through a bug report; they seem skeptical that it will solve the problem. Anyway, it will be months before anything changes there.
For now, I'm not aware of a way to prevent Firefox from keeping these bits without removing a lot of other data at the same time. You could consider these options:
(1) Use private windows, which should limit the duration of retention of HSTS data to the length of your private session
(2) Use anti-tracking and ad-blocking features/add-ons, since this is not anticipated to be a problem with legit servers
(3) Establish a routine to remove the SiteSecurityServiceState.txt file from the profile folder at relevant intervals
(4) [NOT RECOMMENDED] Set Firefox to clear "Site Preferences" at shutdown, but this also removes other site data such as cookie/pop-up permissions and zoom levels, so not a good solution
(5) [EXPERIMENTAL] Empty out the SiteSecurityServiceState.txt file and at the OS level, set it to Read-Only so Firefox cannot write to it. It is unclear how this might affect Firefox's ability to enforce HTTP Strict Transport Security, but if you always check to make sure sites handling sensitive information are using a secure connection, it might not cause any harm to you personally. This would not be recommended for people who are not observant.
Could you check whether the SiteSecurityServiceState.txt file is the source of "cookies" that CCleaner is finding? Once Firefox has shut down, you can simply delete the file and then do your CCleaner scan.
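For the check requested in the post above, here is an added example (not part of the original thread, and not Mozilla or CCleaner code) that parses SiteSecurityServiceState.txt and lists the hosts that have no matching baseDomain in cookies.sqlite. It assumes the tab-separated line layout given in the first comment; the sample entries and the function names are constructed for illustration.

```python
from datetime import date, datetime, timedelta, timezone

# Assumed line layout (not stated in the thread):
# host:TYPE <TAB> score <TAB> last-access day since 1970 <TAB> expiry_ms,state,includeSubdomains
# Constructed sample entries, using the domains named in this thread.
SAMPLE = (
    "www.facebook.com:HSTS\t0\t17630\t1538800000000,1,0\n"
    "connect.facebook.net:HSTS\t2\t17631\t1538900000000,1,0\n"
    "login.wikimedia.org:HSTS\t1\t17629\t1554500000000,1,1\n"
    "not a valid line\n"
)

def parse_site_security_state(lines):
    """Return one dict per well-formed entry; malformed lines are skipped.

    `lines` is any iterable of text lines, e.g. an open file object for
    SiteSecurityServiceState.txt read while Firefox is shut down.
    """
    entries = []
    for line in lines:
        fields = line.rstrip("\r\n").split("\t")
        if len(fields) != 4 or ":" not in fields[0]:
            continue
        host, kind = fields[0].rsplit(":", 1)
        value = fields[3].split(",")
        try:
            last_day = int(fields[2])
            expiry_ms = int(value[0])
        except ValueError:
            continue
        entries.append({
            "host": host,
            "type": kind,
            "last_access": date(1970, 1, 1) + timedelta(days=last_day),
            "expires": datetime.fromtimestamp(expiry_ms / 1000, tz=timezone.utc),
            "include_subdomains": len(value) > 2 and value[2] == "1",
        })
    return entries

def hosts_without_cookie(entries, cookie_base_domains):
    """Hosts in the state file that match no baseDomain from cookies.sqlite."""
    def covered(host):
        return any(host == d or host.endswith("." + d) for d in cookie_base_domains)
    return sorted(e["host"] for e in entries if not covered(e["host"]))

if __name__ == "__main__":
    parsed = parse_site_security_state(SAMPLE.splitlines())
    for e in parsed:
        print(e["host"], e["type"], e["last_access"], e["expires"].date())
    print("no cookie for:", hosts_without_cookie(parsed, {"facebook.com"}))
```

Hosts reported by `hosts_without_cookie` are the ones a cleaner could list as "cookies" even though the Firefox cookie dialog and cookies.sqlite have nothing for them.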
DavidDeBord said
And, upon making the Above Post, exactly like I said before,.... The Time Stamp here in this Forum is 10:35 A.M., where in Physical Reality, My Time is 1:36 PM, & YES, I am "logged in".
Nothing to do with Firefox but how you have your DavidDeBord account setup for timezone on support.mozilla.org