This thread has been archived. Please ask a new question if you need help.

My profiles.ini contains an unknown and unusual profile

Hello,

I noticed today that my profiles.ini contains a second profile that I don't know anything about. Here is the redacted content of my profiles.ini:

[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=1
Path=Profiles/<My Profile>
Default=1

[Profile1]
Name=<15 alphanumerical characters>
IsRelative=0
Path=<465 Base64 characters>

Profile0 is the one I use, Profile1 is the one I am curious about. It doesn't look like a normal profile definition, in particular the Base64 encoded path. When I decode the value of path, I can read a few strings amongst binary data and in particular there is a path to /private/tmp/<15 alphanumerical characters> (the same 15 characters as in the profile's name). However there is no such folder in /private/tmp/.

I tried to see if the profile was listed in the Profile Manager, it was not, and the Profile Manager removed it from the profiles.ini file. I guess I could just forget about it but I'd really like to know what this profile was and what it was for. Any idea?

All Replies (4)

Did you ever use the Reset Firefox feature? Reset Firefox makes a new profile and moves the old one to another place, and that may explain that strange profile.

I don't remember ever doing this. But I dug up my old laptop, from which I copied my profile to my new machine a few years ago, and it already had this unknown profile. So it must have been there for years, during which I upgraded through many versions of Firefox. It's possible that a reset happened at some point. Do you know if the reset feature uses the /private/tmp folder and if it base64 encodes the path in the profiles.ini file?

Chosen Solution

On Mac OS such a base64 encoded path can be used to specify an absolute location elsewhere on the hard drive.
There may also be prefs that use this way to specify a file path like the download directory.
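
One way to repeat the check described in this thread across a whole profiles.ini, as an added example that is not part of the original posts or of Firefox: it lists profiles with IsRelative=0 whose Path decodes as base64, pulls the readable strings out of the decoded bytes, and reports embedded paths that no longer exist. The sample file, the EXAMPLEPROFILE1 name and the blob contents are constructed, and the blob is treated as opaque binary rather than parsed as any particular format.

```python
import base64
import binascii
import configparser
import os
import re

# Constructed sample: made-up binary data embedding a /private/tmp path,
# base64-encoded into Profile1's Path as in the poster's redacted file.
_BLOB = b"\x00\x01\x02EXAMPLEPROFILE1\x00\xff\x10/private/tmp/EXAMPLEPROFILE1\x00"
SAMPLE_INI = (
    "[General]\nStartWithLastProfile=1\n\n"
    "[Profile0]\nName=default\nIsRelative=1\nPath=Profiles/example.default\nDefault=1\n\n"
    "[Profile1]\nName=EXAMPLEPROFILE1\nIsRelative=0\nPath="
    + base64.b64encode(_BLOB).decode("ascii") + "\n"
)


def printable_runs(data, min_len=4):
    """Return runs of printable ASCII in binary data, like strings(1)."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def audit_profiles(ini_text):
    """List profiles whose absolute Path is a base64 blob, not a plain path."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    findings = []
    for section in cfg.sections():
        path = cfg.get(section, "Path", fallback="")
        relative = cfg.get(section, "IsRelative", fallback="1")
        if not section.startswith("Profile") or relative != "0" or path.startswith("/"):
            continue
        try:
            raw = base64.b64decode(path, validate=True)
        except (binascii.Error, ValueError):
            continue  # neither a plain path nor base64: review by hand
        strings = printable_runs(raw)
        findings.append({
            "section": section,
            "name": cfg.get(section, "Name", fallback=""),
            "strings": strings,
            # Embedded absolute paths that no longer exist on this machine.
            "missing": [s for s in strings if s.startswith("/") and not os.path.exists(s)],
        })
    return findings


if __name__ == "__main__":
    for finding in audit_profiles(SAMPLE_INI):
        print(finding)
```
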

Ok, good to know that the base64 encoding is not necessarily something suspiciously obfuscated.

I also wondered if it could be an extension storing data this way. If it is, it doesn't seem a very robust idea since the Profile Manager removed the fake profile without warning. Maybe the point is to have a system-wide value instead of the per-user pref.js, but then it's a kludge.