Closed Bug 1152537 Opened 9 years ago Closed 9 years ago

If i can get the cookies of some user, i can get access to his/her profile through firefox

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
35 Branch
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: tarun.aggarwal4, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Build ID: 20150122214805

Steps to reproduce:

If i can get access to user's cookie , I can get access to his/her profile.


Actual results:

I am able to get the access of user's profile


Expected results:

It should not allow me to have access of user's profile
This is expected behavior for sites that use cookies for authentication and will be true in every browser. This is why browser vendors stress that sites should use secure https:// connections and get rid of their insecure versions. There have been well publicized demonstrations where attackers have stolen such cookies over public wifi connections for sites that did not use https://.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Flags: sec-bounty-
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.