Firefox can't clear cache on XML pages properly and old data remains on "Source page"
Categories
(Firefox :: Security, task)
Tracking
()
People
(Reporter: seqrityman, Unassigned)
References
()
Details
(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])
Attachments
(1 file)
118.68 KB,
image/png
|
Details |
Hi sec team,
I've found this issue when working on a bucket on Linode(It's like S3 on AWS)
When you set Public permission on the main page that lists all files you can see all files in the bucket and page loads in XML format.
In my case main page was (http://seqmedia.ap-south-1.linodeobjects.com/)
If the main page set on public and you visit "Source page" (Ctrl+U) then you set the page private& you can't the list of files on the main page but If you visit the Source page by (Ctrl+U) you can see the old data(Attached image). Seems like there is a problem on cache in XML files. I've tested this issue with latest Chrome and Microsoft Edge and there isn't any problem with them. (On Linode Bucket and Digital Ocean Spaces)
If Someone set Bucket's main page on private but set files in bucket on public permission, a person who doesn't have right permission can access on these files because cache doesn't work properly on Firefox on XML pages.
If you have any questions, please let me know.
Firefox versions:
89.0.2 (64-bit) Ubuntu version
90.0b11 (64-bit) Developer Edition on Ubuntu
89.0.2 (64-bit) on Windows 10
Best.
Updated•3 years ago
|
Updated•3 years ago
|
Updated•4 months ago
|
Description
•