Closed
Bug 1079414
Opened 10 years ago
Closed 10 years ago
Cache leads to Privacy leaks
Categories
(Core :: General, defect)
RESOLVED
INVALID
People
(Reporter: mohammed_fayez2011, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36

Steps to reproduce:

Hi,

Cache leads to Privacy leaks

1- Go to https://bugzilla.mozilla.org
2- Now press logout, and press back button on browser.

You will see the session back. This is the information disclosure vulnerability like email of the victim.
I recommend checking for a valid, authenticated session and if there isn't one redirect to the login page.

Regards,
Mohammed fayez

Actual results:

This is the information disclosure vulnerability like email of the victim.

Expected results:

I recommend checking for a valid, authenticated session and if there isn't one redirect to the login page.
Comment 1•10 years ago
This is generally how web browsers work. This isn't technically the network cache: this is how session history reloads prior content. And this data is still present in the cache in any case, even if you don't load the page. To protect against local attacks you have to clear all private data.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
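The check the reporter recommends, sketched on the client side as an added example that is not part of this bug or of Bugzilla's code: a `pageshow` handler re-validates the session every time the page is displayed, including when it is restored from session history without a network request. The `/session/status` endpoint, its JSON shape, the `/login` path and the function name are assumptions.

```javascript
// Added example. SESSION_URL, LOGIN_URL and checkSessionOnShow are hypothetical names.
const SESSION_URL = "/session/status"; // assumed endpoint: {"authenticated": true|false}
const LOGIN_URL = "/login";            // assumed login page

// Runs whenever the page is shown. event.persisted is true when the page was
// restored from session history instead of being loaded again.
async function checkSessionOnShow(event, env) {
  let authenticated = false;
  try {
    const res = await env.fetch(SESSION_URL, {
      cache: "no-store",          // never answer this from the HTTP cache
      credentials: "same-origin", // send the session cookie
    });
    if (res.ok) {
      const body = await res.json();
      authenticated = body.authenticated === true;
    }
  } catch (err) {
    authenticated = false; // fail closed if the check cannot be made
  }
  if (!authenticated) {
    env.hide();              // stop showing the restored content
    env.redirect(LOGIN_URL); // replace() keeps this page out of history
    return "redirected";
  }
  return event.persisted ? "restored-from-history" : "fresh-load";
}

// Browser wiring; skipped when the file is run outside a browser.
if (typeof window !== "undefined") {
  window.addEventListener("pageshow", (event) => {
    checkSessionOnShow(event, {
      fetch: window.fetch.bind(window),
      hide: () => { document.documentElement.hidden = true; },
      redirect: (url) => window.location.replace(url),
    });
  });
}
```

This only keeps a logged-out page from being displayed again on Back; as Comment 1 notes, the content is still in the local cache until private data is cleared.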