Bug 1444693
Opened 7 years ago
Closed 7 years ago
Information leakage through Child Tab
Categories
(Firefox :: Session Restore, defect)
RESOLVED
INVALID
People
(Reporter: mishra.dhiraj95, Unassigned)
Attachments
(1 file)
195.58 KB, application/x-zip-compressed
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
Build ID: 20180206200532
Steps to reproduce:
Product Affected:
Name Firefox
Version 58.0.2
Build ID 20180206200532
Update Channel release
User Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
OS Windows_NT 10.0
Actual results:
I may not be able to explain well, but here is what I got:
An application which has some services and opens in a child tab (using auth): once the user performs his/her activity and logs out from the session or closes the child tab, pressing SHIFT+CTRL+N still opens up the same child tab with the information which was fed by the above user, without providing any user creds.
Example:
1. Log in to blogger.com
2. Navigate to Layout
3. Edit any gadgets from it (it opens up a child tab)
4. Close the child tab, log out from Gmail
5. Press SHIFT+CTRL+N; you will be able to see the above child tab
Impact: Information leakage. Let's suppose a scenario where the user feeds his/her credit card details or such in the child tab. Attached PoC for reference.
Expected results:
I am not sure whether, by pressing SHIFT+CTRL+N, something like this should happen or not, or whether it's working as intended. Request team to kindly look into this and advise.
Comment 1•7 years ago
We allow you to undo close tab in private browsing (and wontfixed changing that - bug 1274537), so undoing closing a window seems straightforward as something we will want to continue doing. Certainly I don't think this is a security issue that needs to stay hidden. The website could defend against this type of thing by checking login state when a page loads (and I know that certain other Google properties, like Google Docs, already do this).
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Component: Untriaged → Session Restore
Resolution: --- → INVALID
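The site-side defence suggested in Comment 1, checking login state when a page loads, could look like the following in the page's own script. This is an added example, not code from the bug report, Firefox or any Google property; the `/api/session` endpoint, the `/login` path and the `data-rendered-for` and `data-sensitive` attributes are hypothetical names.

```javascript
// Added example: re-validate the session every time the page is shown,
// which includes a tab or window brought back by "undo close".
// Hypothetical names: /api/session, /login, data-rendered-for, data-sensitive.

// Fail closed: only an explicit 200 for the same user the page was rendered for counts.
function sessionIsValid(status, body, renderedFor) {
  return status === 200 && !!body && body.authenticated === true &&
         typeof body.userId === 'string' && body.userId === renderedFor;
}

// Blank restored form values and drop server-rendered private fragments.
function scrubSensitive(doc) {
  let cleared = 0;
  for (const el of doc.querySelectorAll('input, textarea, select')) {
    if (el.value) { el.value = ''; cleared++; }
  }
  for (const el of doc.querySelectorAll('[data-sensitive]')) {
    el.textContent = ''; cleared++;
  }
  return cleared;
}

async function enforceLoginState({ fetchFn, doc, navigate }) {
  const renderedFor = doc.documentElement.getAttribute('data-rendered-for');
  let ok = false;
  try {
    // no-store so a cached "logged in" answer is never reused
    const res = await fetchFn('/api/session', {
      credentials: 'same-origin', cache: 'no-store',
    });
    const body = res.status === 200 ? await res.json() : null;
    ok = sessionIsValid(res.status, body, renderedFor);
  } catch (_) {
    ok = false; // network or parse error: treat as logged out
  }
  if (!ok) {
    scrubSensitive(doc);
    navigate('/login');
  }
  return ok;
}

// Browser wiring: pageshow fires on normal loads and on back/forward cache restores.
if (typeof window !== 'undefined') {
  window.addEventListener('pageshow', () => enforceLoginState({
    fetchFn: window.fetch.bind(window),
    doc: document,
    navigate: (url) => window.location.replace(url),
  }));
}
```

Comparing the session's user with the user the page was rendered for also covers the case where a different account has logged in since the tab was closed.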