Closed Bug 1079414 Opened 10 years ago Closed 10 years ago

Cache leads to Privacy leaks

Categories

(Core :: General, defect)

Other Branch
x86
Windows XP
defect
Not set
normal

RESOLVED INVALID

People

(Reporter: mohammed_fayez2011, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36

Steps to reproduce:

Hi,

Cache leads to Privacy leaks

1- Go to https://bugzilla.mozilla.org
2- Now press logout, and press the back button on the browser. You will see the session back. This is the information disclosure vulnerability like email of the victim.
I recommend checking for a valid, authenticated session and if there isn't one redirect to the login page.

Regards,
Mohammed fayez


Actual results:

This is the information disclosure vulnerability like email of the victim.


Expected results:

I recommend checking for a valid, authenticated session and if there isn't one redirect to the login page.

This is generally how web browsers work. This isn't technically the network cache: this is how session history reloads prior content. And this data is still present in the cache in any case, even if you don't load the page.

To protect against local attacks you have to clear all private data.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
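
An added example, not part of the original bug thread and not Bugzilla's code: one way a page can apply the reporter's recommendation when it is redisplayed from session history, by listening for `pageshow` and re-checking the session with the server. The `/session/status` endpoint, its `{authenticated: bool}` response and the `/login` path are hypothetical; as the comment above notes, this does not remove data already held in the local cache.

```javascript
// Hypothetical endpoints, assumed for this example only.
const SESSION_STATUS_URL = "/session/status"; // returns {"authenticated": true|false}
const LOGIN_URL = "/login";

// True when the page is being shown from session history (Back/Forward)
// instead of a fresh navigation. event.persisted covers the back/forward
// cache; the navigation timing type covers a history reload of the document.
function restoredFromHistory(event, navEntries) {
  if (event && event.persisted) return true;
  const nav = navEntries && navEntries[0];
  return Boolean(nav && nav.type === "back_forward");
}

// Re-check the session after a history restore and decide what to do.
// fetchFn is injected so the decision logic also runs outside a browser.
async function checkSessionOnRestore(event, navEntries, fetchFn) {
  if (!restoredFromHistory(event, navEntries)) return { action: "none" };
  try {
    const res = await fetchFn(SESSION_STATUS_URL, {
      credentials: "same-origin",
      cache: "no-store", // do not answer the check itself from the HTTP cache
    });
    const body = res.ok ? await res.json() : { authenticated: false };
    return body.authenticated
      ? { action: "none" }
      : { action: "redirect", to: LOGIN_URL };
  } catch (err) {
    // Fail closed: if the session cannot be confirmed, treat it as ended.
    return { action: "redirect", to: LOGIN_URL };
  }
}

// Browser wiring; skipped when no window object exists.
if (typeof window !== "undefined") {
  window.addEventListener("pageshow", async (event) => {
    const entries = performance.getEntriesByType("navigation");
    const result = await checkSessionOnRestore(
      event, entries, window.fetch.bind(window));
    // replace() keeps the stale page out of the history stack.
    if (result.action === "redirect") window.location.replace(result.to);
  });
}
```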