Closed
Bug 575012
Opened 14 years ago
Closed 14 years ago
Private Browsing poisoning
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 566010
People
(Reporter: itz2000, Unassigned)
Details
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4 Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4 If one lets a user to surf through his computer in Private Browsing mode or just use the Private Browsing, one doesn't want any impact when quitting the Private Browsing mode. If a malicious website, makes a user to add a favorite link, in main menu, or other places (via requests spam, or social engineering), a favorite link will also be remembered after the session. For instance, go to Private browsing mode, and add a certain url to favorite to menu. In the url link write (i.e) gmail and in the website itself, just include a malicious javascript (for the demo, just write:) "javascript:alert('script');" After quitting the Private Browsing, the link will still stay in the normal menu, and will contain maybe some proofs on what had been happened on the private browsing session (which the user might didn't want to reveal, which is the reason for using it). Also, in other scenario, one can edit other person's URL once he gives them a session in Firefox inside a private browsing, to trick him later into clicking on bookmark while being in for instance, gmail?. I know this method already requires being on the computer, but still, stuff shouldn't be left after quitting private browsing mode. Reproducible: Always Steps to Reproduce: 1. Make a copy of current session before entering the private browsing. 2. Restore the bookmarks state after exiting the private browsing. 3. Great Success. Expected Results: problem solved. Credit Itzhak Avraham (PreIncidentAssessment.com / Samsung Research) & Itamar Benjamin
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•