[CLUE-Talk] An interesting implication for security for users of Mozilla

[bof]

This may have some interesting implications for security under Mozilla, 
if what I have found is correct.

I've been migrating to a new system, and thought that I would move my 
Mozilla account by copying the mail folders from the old to the new 
computer. Before doing that, to save space, I went through the Inbox and 
Send folders, carefully culling out what I did not want to keep, and 
then emptying the trash.

According to the current Mozilla window, I have two messages in my Inbox 
and perhaps a dozen or so in the Send folder.

But when I went to the Mail folder under ./mozilla in my home directory, 
to copy the files to the new system, I found that my Inbox is 39 MB in 
size and my Send folder is almost 2 MB. Looking at their contents, it 
would appear that the Inbox contains every message I have received, and 
the Send folder every message I have sent, since I installed Mozilla in 
May. The trash folder is empty.

So it would appear that even though I moved the messages from the 
folders in the Mozilla window to the trash and then emptied it, the 
Inbox and Send files do not purge themselves of deleted messages: they 
remain on the disk.

The implications are obvious: messages that I thought were removed are 
still available to anyone who wants to read the appropriate files.

This may be old hat to many CLUE readers, but it was a bit of a surprise 
to me.

So I thought I would share it for whatever it is worth.

BOF