Closed Bug 575012 Opened 14 years ago Closed 14 years ago

Private Browsing poisoning

Categories

(Firefox :: Security, defect)

x86
macOS
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 566010

People

(Reporter: itz2000, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4

If one lets a user to surf through his computer in Private Browsing mode or just use the Private Browsing, one doesn't want any impact when quitting the Private Browsing mode.
If a malicious website, makes a user to add a favorite link, in main menu, or other places (via requests spam, or social engineering), a favorite link will also be remembered after the session.

For instance, go to Private browsing mode, and add a certain url to favorite to menu.
In the url link write (i.e) gmail and in the website itself, just include a malicious javascript (for the demo, just write:) "javascript:alert('script');"


After quitting the Private Browsing, the link will still stay in the normal menu, and will contain maybe some proofs on what had been happened on the private browsing session (which the user might didn't want to reveal, which is the reason for using it).


Also, in other scenario, one can edit other person's URL once he gives them a session in Firefox inside a private browsing, to trick him later into clicking on bookmark while being in for instance, gmail?. I know this method already requires being on the computer, but still, stuff shouldn't be left after quitting private browsing mode.

Reproducible: Always

Steps to Reproduce:
1. Make a copy of current session before entering the private browsing.
2. Restore the bookmarks state after exiting the private browsing.
3. Great Success.


Expected Results:  
problem solved.

Credit Itzhak Avraham (PreIncidentAssessment.com / Samsung Research) & Itamar Benjamin
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.