Is this behavior expected? I would imagine it would be a privacy violation in a multi-user system. I thought they had some sort of encryption for hiding the sites that I visit.
BTW, FF does not do this on private mode. But still it is concerning, that any program can know about the sites I visit just by looking at ~/.mozilla/profile/storage/default.
That’s true of Windows, any process running as the same user can read Firefox data files, probably its memory too. Malware do that, and that’s why people try hard to avoid malware with AV, security fixes, sandboxing, hardening, education, …
There is better sandboxing support on Linux, at least on the tooling side. It’s relatively easy to use firejail to sandbox every program that interacts with the network. Last time I looked I couldn’t find an equivalent on Windows that’s freely available. The “Windows Sandbox” thing is the closest but it’s fairly heavy and inconvenient. Unlike firejail it doesn’t come with profiles tailored for various popular software.