Closed Bug 1208785 Opened 9 years ago Closed 9 years ago

Possible security issue with restore last session

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
40 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 345345

People

(Reporter: cutukmirza, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Build ID: 20150826023504

Steps to reproduce:

1. Opened Firefox
2. Opened Facebook
3. Clicked log out button
4. Closed Firefox
5. Opened Firefox
6. Clicked restore last session
7. Facebook opened, logged in (remember password was off, keep me logged in too) 


Actual results:

I was logged in to my account without entering a password. This could be a possible problem in a library or a public place, anyone could get a hold of your account easily.



Expected results:

Log in page should have opened, and I shouldn't already be logged in.
Update
This only works if the person doesn't log out, in that case, the account will be logged in when you restore the session, but not if you go to facebook.com manually.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.