A Twitter Bug Allowed Firefox To Store Cached Files Shared Via DMs


Twitter has recently disclosed a vulnerability that indirectly affected users’ privacy. According to the disclosure, the bug allowed a browser to store cached files, including private ones.

Twitter Bug Left Cached Files Stored

In a recent post, Twitter has disclosed a bug impacting some users’ privacy. This bug allowed browsers to store cached files, including private data shared via DM on Twitter.

Elaborating on the details, Twitter revealed that the bug specifically affected the Mozilla Firefox browser. It did not have any impact on users of other browsers, including Chrome and Safari.

This isn’t a serious matter for users who always access Twitter from a single personal device. However, for those who logged in to their accounts on shared or public computers using Firefox, it is a privacy concern. As stated in the post,

The way Mozilla Firefox stores cached data may have resulted in non-public information being inadvertently stored in the browser’s cache. This means that if you accessed Twitter from a shared or public computer via Mozilla Firefox and took actions like downloading your Twitter data archive or sending or receiving media via Direct Message, this information may have been stored in the browser’s cache even after you logged out of Twitter.

Firefox stores cached files for a 7-day period before automatic deletion. This means that any private files exchanged via DMs while using Firefox on shared PCs may have remained in the browser cache.

Twitter Fixed The Flaw

According to their post, Twitter patched the flaw after discovering it. Going forward, the Firefox cache will no longer store users’ personal information from Twitter, making it safe for users to use Twitter on shared PCs.

We have implemented a change on our end so that going forward the Firefox browser cache will no longer store your personal information.

Twitter advises users to remain careful and to clear the browser cache before logging out. Users can do so via Menu > Options > Privacy & Security > Cookies and Site Data > Clear Data.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world!