Closed Bug 1718108 Opened 3 years ago Closed 3 years ago

Firefox can't clear cache on XML pages properly and old data remains on "Source page"

Categories

(Firefox :: Security, task)

Product:
Firefox
Component:
Security
Type:
task

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1318234

People

(Reporter: seqrityman, Unassigned)

References

(
URL
)

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])

Attachments

(1 file)

old_source.png
118.68 KB, image/png
Details
Attached image old_source.png

Hi sec team,
I've found this issue when working on a bucket on Linode(It's like S3 on AWS)
When you set Public permission on the main page that lists all files you can see all files in the bucket and page loads in XML format.
In my case main page was (http://seqmedia.ap-south-1.linodeobjects.com/)
If the main page set on public and you visit "Source page" (Ctrl+U) then you set the page private& you can't the list of files on the main page but If you visit the Source page by (Ctrl+U) you can see the old data(Attached image). Seems like there is a problem on cache in XML files. I've tested this issue with latest Chrome and Microsoft Edge and there isn't any problem with them. (On Linode Bucket and Digital Ocean Spaces)
If Someone set Bucket's main page on private but set files in bucket on public permission, a person who doesn't have right permission can access on these files because cache doesn't work properly on Firefox on XML pages.
If you have any questions, please let me know.

Firefox versions:
89.0.2 (64-bit) Ubuntu version
90.0b11 (64-bit) Developer Edition on Ubuntu
89.0.2 (64-bit) on Windows 10

Best.

Flags: sec-bounty?
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
Group: firefox-core-security
Flags: sec-bounty? → sec-bounty-
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: