Closed
Bug 395749
Opened 17 years ago
Closed 17 years ago
if yahoo mail crashes, upon restore session, cookies are saved regardless of which 'keep until' option selected
Categories
(Firefox :: Session Restore, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 345345
People
(Reporter: lmosoian, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
After using Yahoo mail to delete, view, compose messages, Mozilla will crash at some point. Upon restarting Firefox, you will be prompted to restore last session or not. If you choose to restore, then REGARDLESS of your cookie selection for 'keep until' from the pull-down menu, your cookies will be saved. This means that you can have a fatal error at any point, but if it is while you are using cookies to log into a site, then they will be saved regardless of your cookie privacy setting. This enables anyone who uses your computer (and maybe outsiders too) to enter your personal space (banking, school, email, etc.). THIS IS A SERIOUS SECURITY ISSUE THAT MUST BE ADDRESSED ASAP!!
Reproducible: Always
Steps to Reproduce:
1. Make sure you set the cookie privacy setting to "'keep until' I close Firefox" from the pull-down menu
2. Log into Yahoo Mail with Mozilla. Begin using mail as usual; continue until you get fatal error and are forced to report to Mozilla and close ****
3. Restart Firefox, choose 'restore last session' and you will still be signed in, REGARDLESS if you chose to "'keep until' I close firefox" from cookie privacy pull-down menu
***This has only happened to me with Yahoo Mail, but it will happen whenever you get a fatal error and you are logged in (using cookies to log in) to a website.
Actual Results:
I was still logged in after the fatal error, when I specifically set the cookie privacy setting to "'keep until' I close Firefox"
Expected Results:
The software should have erased those cookies, since the option "'keep until' I close Firefox" was selected.
I believe this is happening because you are actually not closing Firefox, Windows is. Firefox does something illegal and has a fatal error after which it must be closed by Windows. Firefox does not register that you actually closed Firefox, so the cookies remain, and your information is accessible to anyone if you forget to restart Firefox and log out.
Updated•17 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•