Firefox places.sqlite Database

places.sqlite is the SQLite database file that stores history for Mozilla's Firefox browser. It also stores additional data such as favicons, bookmarks, and input history (used for autofill).

Analysis Value

pageHistory pageBookmarks

Operating System Availability

Systems with Mozilla Firefox installed

Artifact Location(s)

%UserProfile%\AppData\Roaming\Mozilla\Firefox\Profiles\{FIREFOX_PROFILE}\places.sqlite*

Artifact Parsers

KAPE (Extraction and Parsing)
DB Browser for SQLite

Artifact Interpretation

The following tables are present in this SQLite database:

Database Table	Information
moz_bookmarks	Bookmarks
moz_favicons	Favicon store. Provides URLs for each stored favicon.
moz_historyvisits	Firefox history
moz_inputhistory	Input history for the URL/search bar
moz_places	Stores URLs and some metadata regarding each URL such as visit frequency

Database Table

Information

moz_bookmarks

Bookmarks

moz_favicons

Favicon store. Provides URLs for each stored favicon.

moz_historyvisits

Firefox history

moz_inputhistory

Input history for the URL/search bar

moz_places

Stores URLs and some metadata regarding each URL such as visit frequency

In newer versions of Firefox (Firefox 55.0+), the moz_favicons table has been moved to its own unique database under the same directory, favicons.sqlite.

Firefox Bookmarks

The browser bookmark data for Firefox is stored in the moz_bookmarks table of this database. It has the following structure:

Field Type Interpretation

Field	Type	Interpretation
fk	INT	Points to `id` in `moz_places` table, provides the URL for the bookmark.
title	LONGVARCHAR	The user-assigned name for the bookmark
dateAdded	INT	UNIX timestamp indicating when the bookmark was added
lastModified	INT	UNIX timestamp indicating when the bookmark was last modified

INT

Points to id in moz_places table, provides the URL for the bookmark.

title

LONGVARCHAR

The user-assigned name for the bookmark

dateAdded

INT

UNIX timestamp indicating when the bookmark was added

lastModified

INT

UNIX timestamp indicating when the bookmark was last modified

Firefox Favicons

The stored favicons for visited websites are stored either in the places.sqlite database for Firefox versions below 55.0, and in its own separate SQLite database favicons.sqlite for versions afterwards. The structure is as follows:

Field	Type	Interpretation
icon_url	TEXT	The URL of the original favicon
expire_ms	INT	UNIX timestamp representing the expiration time/date for the stored favicon. By default seems to be one week from the last visit.
data	BLOB	The raw favicon data

Field

Type

Interpretation

icon_url

TEXT

The URL of the original favicon

expire_ms

INT

UNIX timestamp representing the expiration time/date for the stored favicon. By default seems to be one week from the last visit.

data

BLOB

The raw favicon data

Firefox History

The browsing history for a particular Firefox profile can be extracted from the moz_historyvisits table. It has the following structure:

Field Type Interpretation

Field	Type	Interpretation
place_id	INT	Foreign key pointing to an entry in the `moz_places` table, which can be used to determine the URL that was visited
visit_date	INT	UNIX timestamp representing the time of the visit
visit_type	INT	Enumerated value, the type of visit

place_id

INT

Foreign key pointing to an entry in the moz_places table, which can be used to determine the URL that was visited

visit_date

INT

UNIX timestamp representing the time of the visit

visit_type

INT

Enumerated value, the type of visit

The following visit_type enumerations can provide additional information regarding how the site was visited:

Link followed to visit the URL
URL was typed and visited, or selected from an autocomplete result in the search bar
URL was visited through a bookmark
URL was embedded on another page
URL visited through a permanent redirect (HTTP 301)
URL visited through a temporary redirect (HTTP 307)
URL is a downloaded resource
URL was visited in a frame
URL was visited because the page was reloaded

Last updated 6 months ago