Closed Bug 1350742 Opened 7 years ago Closed 4 years ago

Console history of executed commands is shared between private and non-private windows

Categories

(DevTools :: Console, defect, P4)

Product:
DevTools
Component:
Console
Version:
52 Branch
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1576907

People

(Reporter: yaroslav.c7s, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36

Steps to reproduce:

Steps:
1. Private Window.
2. Dubugger -> Console -> any code -> execute.
3. Private Window - close.
4. Non private.
5. Dubugger -> Console -> (↑)


Actual results:

Getting the history of the executed commands (in private mode).
This doesn't need to stay a hidden bug.
Group: firefox-core-security
Component: Untriaged → Developer Tools: Console
Summary: Debugger. Console. Getting the history of the executed commands in private mode → Console history of executed commands is shared between private and non-private windows
Product: Firefox → DevTools
I'm not sure this is this something we should fix ? What are the risks here ?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P4

I just had to run some JS code that contained hard-coded credentials, to test a login API. To avoid leaking those credentials, I ran the code in the console of a private window, assuming that when I closed the window, its console history would be deleted just like the normal history. But due to this bug, those credentials are now saved in the console history, and the only workaround appears to be to delete the entire history with clearHistory().

Bug 1576907 does capture the work for this and is a P2.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.