Firefox replaced data on uploaded files with user information
I used firefox to upload a 7z file into a website. Some time later I was reported the 7z file was returning CRC errors when decompressing. After downloading it from the website and comparing it against the original 7z (raw byte comparison) file I discovered a large section of the file, near the bottom, was replaced.
However the worst part is not that the file was corrupted but that the data inserted on the file contains user information. On thie section I found several strings matching all sorts of things:
- URLs I have recently visited
- Search bar history (searches I have recently done on google)
- Login details saved on my firefox
- part of pages I have recently visited
Is this a known issue? This is a big deal for me and I will stop using firefox until this is fixed.
I am using 60.0.1 (64-bit) over win8.1.
Additional System Details
- Shockwave Flash 29.0 r0
- User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Any browser would only upload/download a file without making any changes.
You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no
Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.
Antivirus has been always up to date on my system. I have been trying to figure out what is the problem but firefox continues to do it every now an then. Unfortunately I cannot install malware scanners, this is a corporate PC.
Thanks for the help anyway. I was great using firefox for about 12 years.
Notify your boss And your IT that you found a security breach.
I suggest filing a bug and seeing whether anyone can reproduce the issue with one of your problem files. If there are characters or codes in the file that cause Firefox to read beyond its expected end or to substitute other data from your hard drive or memory, that needs to be fixed. You might want to mark it security sensitive.