Closed Bug 1429302 Opened 7 years ago Closed 7 years ago

Security issue with session moving between windows

Categories

(Firefox :: Private Browsing, defect)

Product:
Firefox
Component:
Private Browsing
Version:
57 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 117222

People

(Reporter: putt1ck, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0 Build ID: 20180103231032 Steps to reproduce: Opened a private browsing window (to test something in a Nextcloud instance as a different user). Logged in, ran test. Thought of new test, opened new private browsing window, logged in as 3rd user; login works; at this point I have 3 windows open logged into same site, one normal, 2 private, all logged in as different users. Call them "real", "test1" and "test2". I run my test as test2, get results, think of another test, switch back between private windows to see outcome as test1; navigate within browser to start the new test. Actual results: test1's private window now becomes a 2nd private window for test2. Expected results: Each private browsing window should have retained its own log in details.
Component: Untriaged → Private Browsing
This is intentional behaviour. We are keeping track of the idea of supporting separate private sessions in bug 117222.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
This is not a duplicate of a bug started years before there was such a command as "open in new private window". This is a security issue, because the implication of a new private window is that it is private, not shared with previously opened windows.
That is the bug we're using, since the concept of separate sessions in separate private windows is equivalent to what it describes.
You need to log in before you can comment on or make changes to this bug.