Possible security issue with restore last session

RESOLVED DUPLICATE of bug 345345

Status

()

Firefox
Untriaged
RESOLVED DUPLICATE of bug 345345
2 years ago
2 years ago

People

(Reporter: Mirza Ćutuk, Unassigned)

Tracking

40 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

2 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Build ID: 20150826023504

Steps to reproduce:

1. Opened Firefox
2. Opened Facebook
3. Clicked log out button
4. Closed Firefox
5. Opened Firefox
6. Clicked restore last session
7. Facebook opened, logged in (remember password was off, keep me logged in too) 


Actual results:

I was logged in to my account without entering a password. This could be a possible problem in a library or a public place, anyone could get a hold of your account easily.



Expected results:

Log in page should have opened, and I shouldn't already be logged in.
(Reporter)

Comment 1

2 years ago
Update
This only works if the person doesn't log out, in that case, the account will be logged in when you restore the session, but not if you go to facebook.com manually.

Updated

2 years ago
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 345345
You need to log in before you can comment on or make changes to this bug.