Pomoc pśepytaś

Glědajśo se wobšudy pomocy. Njenapominajomy was nigda, telefonowy numer zawołaś, SMS pósłaś abo wósobinske informacije pśeraźiś. Pšosym dajśo suspektnu aktiwitu z pomocu nastajenja „Znjewužywanje k wěsći daś“ k wěsći.

Dalšne informacije

My profiles.ini contains an unknown and unusual profile

  • 4 wótegrona
  • 1 ma toś ten problem
  • 1 naglěd
  • Slědne wótegrono wót lethal.possum

more options

Hello,

I noticed today that my profiles.ini contains a second profile that I don't know anything about. Here is the redacted content of my profiles.ini:

[General] StartWithLastProfile=1

[Profile0] Name=default IsRelative=1 Path=Profiles/<My Profile> Default=1

[Profile1] Name=<15 alphanumerical charaters> IsRelative=0 Path=<465 Base64 charaters>

Profile0 is the one I use, Profile1 is the one I am curious about. It doesn't look like a normal profile definition, in particular the Base64 encoded path. When I decode the value of path, I can read a few strings amongst binary data and in particular there is a path to /private/tmp/<15 alphanumerical charaters> (the same 15 characters as in the profile's name). However there is no such folder in /private/tmp/.

I tried to see if the profile was listed in the Profile Manager, it was not, and the Profile Manager removed it from the profiles.ini file. I guess I could just forget about it but I'd really like to know what this profile was and what it was for. Any idea?

Hello, I noticed today that my profiles.ini contains a second profile that I don't know anything about. Here is the redacted content of my profiles.ini: [General] StartWithLastProfile=1 [Profile0] Name=default IsRelative=1 Path=Profiles/<My Profile> Default=1 [Profile1] Name=<15 alphanumerical charaters> IsRelative=0 Path=<465 Base64 charaters> Profile0 is the one I use, Profile1 is the one I am curious about. It doesn't look like a normal profile definition, in particular the Base64 encoded path. When I decode the value of path, I can read a few strings amongst binary data and in particular there is a path to /private/tmp/<15 alphanumerical charaters> (the same 15 characters as in the profile's name). However there is no such folder in /private/tmp/. I tried to see if the profile was listed in the Profile Manager, it was not, and the Profile Manager removed it from the profiles.ini file. I guess I could just forget about it but I'd really like to know what this profile was and what it was for. Any idea?

Wubrane rozwězanje

On Mac OS such a base64 encoded path can be used to specify an absolute location elsewhere on the hard drive.
There may also be prefs that use this way to specify a file path like the download directory.

Toś to wótegrono w konteksće cytaś 👍 0

Wšykne wótegrona (4)

more options

Did you ever use the Reset Firefox feature? Reset Firefox makes a new profile and moves the old one to another place, and that may explain that strange profile.

more options

I don't remember ever doing this. But I dug up my old laptop, from which I copied my profile to my new machine a few years ago, and it already had this unknown profile. So it must have been there for years, during which I upgraded through many versions of Firefox. It's possible that a reset happened at some point. Do you know if the reset feature uses the /private/tmp folder and if it base64 encodes the path in the profiles.ini file?

more options

Wubrane rozwězanje

On Mac OS such a base64 encoded path can be used to specify an absolute location elsewhere on the hard drive.
There may also be prefs that use this way to specify a file path like the download directory.

more options

Ok, good to know that the base64 encoding is not necessarily something suspiciously obfuscated.

I also wondered if it could be an extension storing data this way. If it is, it doesn't seem a very robust idea since the Profile Manager removed the fake profile without warning. Maybe the point is to have system-wide value instead of the per-user pref.js but then it's a kludge.