Firefox refresh resets certificate storage out of sandbox
Moderator: Barb@Invincea
Firefox refresh resets certificate storage out of sandbox
1. Sandboxed firefox -> about:support -> Refresh Firefox
2. Certificate storage out of sandobx has been restored to default one
Why?
2. Certificate storage out of sandobx has been restored to default one
Why?
Sandboxie 5.19.4 personal lifetime license user || Win10 x64 Pro CU (up to date) || ESET SS 10+ x64 || AppGuard 4+ || Firefox 54+ x64 || UAC on
Re: Firefox refresh resets certificate storage out of sandbo
I'm not quite sure what you are talking about when you say 'certificate storage'. I use PaleMoon, a firefox offshoot, and it has a window called 'Certificate Manager' which I suspect you may mean here...My guess would be it depends on the options you've selected in the exclusion settings for the browser inside SBIE. Firefox stores its certificates in the (C:\Documents and Settings\*USER*\Application Data\Mozilla\Firefox\Profiles\) profile folder in a cert8.db file (similar to PaleMoon except for a minor path variation as far as I can tell) so if you've selected "Allow direct access to entire Firefox profile folder" in SBIE that may very well be why.
This account has been abandoned. If you need to PM me, please send a message to Syrinx.
Re: Firefox refresh resets certificate storage out of sandbo
I definitely did not select the "Allow direct access to entire Firefox profile folder" option. Here is my configuration:
http://pastebin.com/ZBfRBnfV
As you can see Firefox sandbox is pretty much defaults + dropped rights
Here is the video. It shows that Adguard and ESET certificate is missing outside of sandbox after performing 'refresh firefox' inside of sandbox.
Here is the video:
https://youtu.be/URbQhzpahd0
In the video I've done the following:
1) cleaned Firefox sandbox
2) shown that sync was disabled and shown that Adguard and ESET certificate is present outside of the sandbox
3) started sandboxed firefox and shown the same things as 2) inside of sandbox
4) run 'refresh firefox' inside of the sandbox and did not recover any files
5) shown that Adguard and ESET certificates are missing inside of sandbox, which is OK
6) shown that Adguard and ESET certificates are missing outside of sandbox, which is not OK
http://pastebin.com/ZBfRBnfV
As you can see Firefox sandbox is pretty much defaults + dropped rights
Here is the video. It shows that Adguard and ESET certificate is missing outside of sandbox after performing 'refresh firefox' inside of sandbox.
Here is the video:
https://youtu.be/URbQhzpahd0
In the video I've done the following:
1) cleaned Firefox sandbox
2) shown that sync was disabled and shown that Adguard and ESET certificate is present outside of the sandbox
3) started sandboxed firefox and shown the same things as 2) inside of sandbox
4) run 'refresh firefox' inside of the sandbox and did not recover any files
5) shown that Adguard and ESET certificates are missing inside of sandbox, which is OK
6) shown that Adguard and ESET certificates are missing outside of sandbox, which is not OK
Sandboxie 5.19.4 personal lifetime license user || Win10 x64 Pro CU (up to date) || ESET SS 10+ x64 || AppGuard 4+ || Firefox 54+ x64 || UAC on
Re: Firefox refresh resets certificate storage out of sandbo
I just checked it out and it does not matter if you set the folder where you have firefox installed as forced or not.
Sandboxie 5.19.4 personal lifetime license user || Win10 x64 Pro CU (up to date) || ESET SS 10+ x64 || AppGuard 4+ || Firefox 54+ x64 || UAC on
Re: Firefox refresh resets certificate storage out of sandbo
It appears I was incorrect as to which option enabled this db to be saved. It's actually a part of the 'phishing' option as found in the firefox template of the templates.ini though I expect direct access to the profile folder would allow this as well. Would you try making sure this option is disabled and re-test to see if that solves the mystery?
Code: Select all
[Template_Firefox_Phishing_DirectAccess]
Tmpl.Title=#4337,Firefox/Waterfox/Pale Moon
Tmpl.Class=WebBrowser
ProcessGroup=<FirefoxPrograms>,firefox.exe,waterfox.exe,palemoon.exe
OpenFilePath=<FirefoxPrograms>,%USERPROFILE%\*\urlclassifier.pset
OpenFilePath=<FirefoxPrograms>,%USERPROFILE%\*\urlclassifier*.sqlite*
OpenFilePath=<FirefoxPrograms>,%USERPROFILE%\*\cert8.db
OpenFilePath=<FirefoxPrograms>,%USERPROFILE%\*\blocklist.xml
OpenFilePath=<FirefoxPrograms>,%USERPROFILE%\*\safebrowsing\*
This account has been abandoned. If you need to PM me, please send a message to Syrinx.
Re: Firefox refresh resets certificate storage out of sandbo
Thank you for your reply btm.
This setting:
is responsible for certificate storage.
This does not answer the question why OpenFilePath is used. The way it works by default sandboxie does not allow to have multiple certificate storages - separate for every single sandbox. Why?
This setting:
Code: Select all
OpenFilePath=<FirefoxPrograms>,%USERPROFILE%\*\cert8.db
Source: http://forums.sandboxie.com/phpBB3/view ... 888#p74888Guest10 wrote:The phishing template was recently revised so that the certificates file and the add-ons blocklist file are also saved outside of the sandbox, in the Firefox profile folder.
The certificates file because: hackers stole items that enabled them to create false certificates, and Firefox needs to update the certificates data, as false certificates are found.
The blocklist file because: once each day Firefox will download a list of add-ons that are known to be dangerous and should be blocked from use.
So disabling the Firefox phishing template could be bad for your computer's security.
This does not answer the question why OpenFilePath is used. The way it works by default sandboxie does not allow to have multiple certificate storages - separate for every single sandbox. Why?
Sandboxie 5.19.4 personal lifetime license user || Win10 x64 Pro CU (up to date) || ESET SS 10+ x64 || AppGuard 4+ || Firefox 54+ x64 || UAC on
Re: Firefox refresh resets certificate storage out of sandbo
I believe that is so all updates related to phishing, blocklist of sites, etc, is updated silently and as a tiny update. Otherwise, the entire database that has been updated since last time you ran Firefox unsandboxed, would have to be downloaded every time you run Firefox sandboxed .Dun wrote:This does not answer the question why OpenFilePath is used.
Bo
Re: Firefox refresh resets certificate storage out of sandbo
I added
to global settings in sandboxie.ini. Currently when I use refresh firefox in sandbox, it resets certificate database inside sandbox while database outside of sandbox stays untouched. So it works as I wanted now. So far I haven't seen cert8.db file in C:\Sandbox\%USERNAME%\Firefox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\%USERPROFILE% so I'm not sure how it works exactly. Should the file be created there automatically some time later?
Code: Select all
ReadFilePath=<FirefoxPrograms>,%USERPROFILE%\*\cert8.db
Sandboxie 5.19.4 personal lifetime license user || Win10 x64 Pro CU (up to date) || ESET SS 10+ x64 || AppGuard 4+ || Firefox 54+ x64 || UAC on
Who is online
Users browsing this forum: No registered users and 1 guest