CVE-2004-2657

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 1.5.0.1 and possibly other versions

Description The issue allows local users who share a Windows profile to view records of user activity after a new installation of Firefox, even if the previous installation was uninstalled. This is reported to affect the list of Passwords Never Saved web sites. The vendor has disputed this issue, stating that the uninstaller is not intended to remove user data.

Recommendations For Mozilla Firefox version 1.5.0.1, consider manually removing user data after uninstalling to prevent other users from accessing the records. At the moment, there is no information about a newer version that contains a fix for this vulnerability.