Closed
Bug 381940
Opened 18 years ago
Closed 18 years ago
Restore session restores opened web - email even if computer restarts
Categories
(Firefox :: Session Restore, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 345345
People
(Reporter: vny91, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
When Yahoo mail is opened and Windows XP crashes and restarts, firefox prompts for session restore.
When the session is restored, yahoo mail does not prompt for password.
This is a very serious bug. If you are browsing on a public computer and the power goes away and another user accesses the same computer and restores your sessions he can get into the mail box.
Reproducible: Always
Steps to Reproduce:
1. Open Yahoo mail
2. Force shutdown your computer (pull of the power cord) Windows XP or PRO
3. Start the computer
4. Start Firefox
5. Firefox prompts for restore sessions
6. Yahoo mail is accessible again.
7. Actually password needs to be prompted
Actual Results:
Yahoo mail is accessible again without password prompt
Expected Results:
Only password prompt page should show up
Updated•18 years ago
|
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Comment 2•18 years ago
|
||
Session Restore should *not* be enabled on shared/public computers, or at most the options should be set to save sites but not the cookies. This is but one of many alterations that should be made if you are offering a computer as a shared resource. see links at http://www.mozilla.org/support for pointers on how to find further help.
You need to log in
before you can comment on or make changes to this bug.
Description
•