Closed
Bug 423735
Opened 16 years ago
Closed 16 years ago
AOL login security breach by Firefox session restore
Categories
(Firefox :: Session Restore, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: egarner123, Unassigned)
Details
(Whiteboard: [sg:needinfo])
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 After logging off AOL, session restore permits automatic login to AOL account. Reproducible: Always Steps to Reproduce: 1) Make sure session restore is turned on. 2) Login to AOL. 3) logoff AOL. 4) Close Firefox so that session restore will appear next time FF opens. 5) Restore session - no need to login to AOL (i.e., security breach). Actual Results: Access to AOL account w/o re-entering username & password. Expected Results: Username & Password should be required after initiating session restore.
Comment 1•16 years ago
|
||
How soon after logging off AOL do you shutdown Firefox? The crash recovery feature takes a snapshot every ten seconds (adjustable via a hidden pref browser.sessionstore.interval) so if you killed Firefox within that interval I might expect this. Did you kill Firefox or do you use the "show my tabs from last time" feature and shut down Firefox cleanly? If the latter then this would be a legit bug--the final state should be saved cleanly--but then you wouldn't get the "restore my session" dialog on your next startup.
Whiteboard: [sg:needinfo]
Reporter | ||
Comment 2•16 years ago
|
||
This would occur regardless of time, as much as an hour or two would pass. I would often have two AOL sessions that were logged off. The "show my tabs from last time" feature was not turned on. This has been going on for several weeks. However, something just happened where it no longer happens. I am a computer administrator and PC support person, so I know the issue was real. But I can no longer reproduce the problem. There was also an issue with AOL where it would not close properly if there were two AOL sessions in the same window. That seems to have been fixed. I will close this bug. I need to quit AOL.
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
Updated•9 years ago
|
Group: core-security → core-security-release
Updated•9 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•