Cache leads to Privacy leaks

RESOLVED INVALID


People

(Reporter: mohammed_fayez2011, Unassigned)

Tracking

Other Branch
x86
Windows XP
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 years ago
User Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36

Steps to reproduce:

Hi,

Cache leads to Privacy leaks

1. Go to https://bugzilla.mozilla.org
2. Now press logout, and press the back button in the browser. You will see the session back. This is an information disclosure vulnerability, like the email of the victim.
I recommend checking for a valid, authenticated session and if there isn't one redirect to the login page.

Regards,
Mohammed fayez


Actual results:

This is an information disclosure vulnerability, like the email of the victim.


Expected results:

I recommend checking for a valid, authenticated session and if there isn't one redirect to the login page.

Comment 1

4 years ago
This is generally how web browsers work. This isn't technically the network cache: this is how session history reloads prior content. And this data is still present in the cache in any case, even if you don't load the page.

To protect against local attacks you have to clear all private data.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → INVALID
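
The behaviour described in the report and in Comment 1, as an added example that is not part of the original bug and is not Bugzilla or Firefox code: a toy Python model in which the server applies the reporter's session check, yet the back button re-displays the stored page without sending a request, and only clearing private data removes it. The class names, URLs and the `victim@example.test` address are constructed for illustration.

```python
# Toy model, constructed for illustration; not Bugzilla or Firefox code.
class Server:
    """Applies the reporter's suggestion: no valid session, redirect to login."""
    def __init__(self):
        self.sessions, self.requests = set(), 0
    def get(self, url, user):
        self.requests += 1
        if url == "/logout":
            self.sessions.discard(user)
            return "200 logged out"
        if user not in self.sessions:
            return "302 -> /login"
        return f"200 {url} for {user}@example.test"  # page showing the email

class Browser:
    """Keeps rendered pages in session history and bodies in a local cache."""
    def __init__(self, server, user):
        self.server, self.user = server, user
        self.history, self.cache = [], {}
    def navigate(self, url):
        body = self.server.get(url, self.user)
        self.history.append(body)
        self.cache[url] = body
        return body
    def back(self):
        # History re-displays the stored entry; the server check never runs.
        if len(self.history) < 2:
            return None
        self.history.pop()
        return self.history[-1]
    def clear_private_data(self):
        self.history.clear()
        self.cache.clear()

def demo():
    server = Server()
    server.sessions.add("victim")                # constructed logged-in user
    browser = Browser(server, "victim")
    for url in ("/account", "/logout"):
        browser.navigate(url)
    sent = server.requests
    shown = browser.back()                       # back button after logout
    result = {"back_shows": shown, "requests_on_back": server.requests - sent,
              "cached_after_logout": browser.cache.get("/account")}
    browser.clear_private_data()                 # the mitigation from Comment 1
    result["back_after_clear"] = browser.back()
    result["reload_after_clear"] = browser.navigate("/account")
    return result
```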