Open Bug 1530394 Opened 8 months ago Updated 8 months ago

Session information is shared among multiple private browser windows

Categories

(Firefox :: Private Browsing, defect)

65 Branch
defect
Not set

Tracking

()

UNCONFIRMED

People

(Reporter: anabigmind, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0

Steps to reproduce:

  1. Open a firefox mozilla browser window in private browsing mode (New Private Window).
  2. Login into gmail service
  3. Open one more "New Private window" browser and if we go to gmail it takes us inside the gmail session opened in step 2 without login.

Actual results:

From one private window browser we are able to get the sessions created in another private window browser. I am able to go to the same gmail session of one private window browser in another private window browser. There is no privacy among the private windows of the browser.

Expected results:

The session information from one private window of the Firefox browser should not be visible to the other private window of the Firefox browser. So If I am opening a gmail account in one private window, it should not be visible in another private browser window.

Not an exploitable security issue.

Group: firefox-core-security
Component: Untriaged → Private Browsing

Will it not be a security issue if somebody opens a private window and opens an important website (say for e.g. bank account). Thinking that this window is a private window, he may open another private window which may download some mailicious content which might be able to view/download the personal information (like banking information in this case) from the first private window.
Is this not a security issue then?

You need to log in before you can comment on or make changes to this bug.