Admin bookmarks Revealed

I'm the Admin on a relatives comp, as they are clueless

Today before i arrived someone wanted to watch something on it as a regular user that required Flash. They got a message saying an update to Flash was needed to view, but couldn't install the latest V due to not having the Admin PW.

When i arrived i was told of this, so later on i fired up the comp in the regular users account & installed it when prompted for the Admin PW. To my Great surprise when i next launched FF & went to the Bookmarks to click on Scroogle for someone to use, i was presented with my Bookmarks from the Admin account I closed FF & relaunched it & the Bookmarks were now the regular users.

I don't have Any dodgy etc Bookmarks on there, but if i had, or others do, it could be Very embarrassing or worse, to say the least !

How could Admin Bookmarks get launched from a regular users account ?

 

Is it possible that Firefox exists only one Profile? The Default Profile.



Firefox stores settings, home page, toolbars, passwords, bookmarks in the file 'places.sqlite' that is located
within an special profile folder that is kept in an separate place from the Firefox program called the Profile.

Managing Firefox Profiles:
http://support.mozilla.org/en-US/kb/Managing-profiles


HKEY1952

 

What if you are using portable Firefox? Does that profile get intermingled with the desktop Firefox??

 

This is an easy one. Any time you are prompted to elevate in Windows 7 (or Vista) that program now runs under the credentials of the account entered when you are prompted. This is true of any program. If you launch ANY program as admin everything it links to is also as admin.

Go ahead and launch any program as admin and try to open a file and browse to the desktop. See that it is the admins desktop that is presented in the open file dialog, not the limited user that is currently logged in. Launching a web browser as you have seen will expose all of your favorites and history and so on. Also notice that this process runs with high integrity, which could be highly dangerous for a web browser. Any time you have to elevate a process in a standard user account with admin credentials, make sure to close that program immediately when the task is completed and restart it.

This is not as noticeable when you are running as a limited admin as when you elevate you are still under the same user. When you are elevating for a different user, it is more noticeable. However it is equally dangerous. Process Explorer is your friend. Run it as admin and display the Integrity column and play with elevating some processes and watch what it does.

 

Thanks for the responses i thought i wasn't going to get any

@ HKEY1952

Next time i'm round there, i'll check the Profile

@ caspian

Don't know, as it's an install version of FF, but good point

@ xxJackxx

Interesting & Alarming ! Looks like you've cracked it I'll be Much more wary in future.