Closed Bug 866511 Opened 11 years ago Closed 11 years ago

Any account can be compromised

Categories

(Firefox :: Untriaged, defect)

defect
Not set
normal

RESOLVED DUPLICATE of bug 345345

People

(Reporter: prashantvats, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31

Steps to reproduce:

First log in with your account (Gmail, Facebook, etc.) using your credentials, and we need to somehow crash Firefox or cut off the user's connectivity with the internet and force the user to close the browser.


Actual results:

Now what the attacker or malicious user has to do is use the Firefox functionality "Restore Previous Session". Once the previous session is restored, the attacker can use the user's authenticated session which was halted last time (no matter whether the user chose the "remember me" functionality).


Expected results:

Even if the user clicks on restore previous session, all authenticated sessions must be destroyed.

OS: Windows 7 → All
Hardware: x86 → All

You are basically concerned that session restore also restores the authenticated sessions? This doesn't need to be hidden since the scenario described in this bug requires someone to be physically at your computer to restore the previous session. For public use computers, there is a pref to disable restore session after a crash. 

This is basically a duplicate of Bug 345345. Read that to understand the basic history of this issue.

Thanks for reporting a bug. Please don't be discouraged!

Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE