Open
Bug 1237777
Opened 10 years ago
Updated 3 years ago
Third-party cookies set while Tracking Protection is off should not be preserved when it is back on
Categories
(Toolkit :: Safe Browsing, defect, P5)
Toolkit
Safe Browsing
Tracking
()
REOPENED
People
(Reporter: dmarti, Unassigned)
Details
(1) user turns off tracking protection for site A
(2) user uses the web normally with tracking protection on
(3) user later visits site B and turns off tracking protection there, too.
Somehow we need to clean up any cookies (or other state) that got set on A before third parties can see them while the user is on B.
One possible approach:
when turning off tracking protection: make a list of all sites that have stored state (cookies + other stuff)
when turning tracking protection back on:
(1) list all sites that have stored state
(2) skip the sites that were already listed when the user turned tracking protection off
(3) check the remaining sites (hosts and URL paths) against the tracking protection list
Or keep track of cookies as having been accepted in an unprotected mode, and on which site, and clean them up on leaving that site.
|
||
Updated•9 years ago
|
Component: DOM: Security → Safe Browsing
Product: Core → Toolkit
|
||
Updated•9 years ago
|
Priority: -- → P5
|
||
Comment 2•7 years ago
|
||
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INACTIVE
|
|
||
Updated•7 years ago
|
Status: RESOLVED → REOPENED
Resolution: INACTIVE → ---
|
||
Comment 3•4 years ago
|
||
Dropping mentors from this bug as there's not a clear description of what needs doing (possible isn't definite) / no pointers to code / no language information.
Mentor: dhuseby, francois
|
|
||
Updated•3 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•