Closed Bug 1787661 Opened 3 years ago Closed 3 years ago

Saving cookie for local file: URI breaks "Delete cookies and site data when Firefox is closed" feature

Categories

(Toolkit :: Data Sanitization, defect)

Product:
Toolkit
Component:
Data Sanitization
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1778090

People

(Reporter: u712494, Unassigned)

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])

Hi, I've found a high privacy & security issue on Firefox 104 – Windows 64-bit
That issue broke the “Delete cookies and site data when Firefox is closed” feature.

Step to reproduce:

  1. Save a webpage that save cookies (like the accept-cookie banner) locally with “Save page as..” and choose “Webpage, complete”.
    That webpage has an accept-cookie button like this one:
    <a onclick="(function() { document.cookie = 'accepted=okCookie; expires=Mon, 28 Aug 2023 03:47:06 GMT;'; }())">ACCEPT COOKIE</a>

  2. Start Firefox with a fresh and clean profile.

  3. Go to “Privacy & Security” and enable “Delete cookies and site data when Firefox is closed”.

  4. Open the saved webpage and click ACCEPT COOKIE, a cookie like this one will be saved:
    {accepted: okCookie, path: /C:/Users/myuser/Desktop, expiration: Mon, 28 Aug 2023 03:47:06 GMT, HttpOnly:false, secure:false, SameSite:None }

  5. A (local file) cookie appear under “Privacy & Security” -> “Manage Data”.

  6. Go to other websites and then close Firefox

  7. Open Firefox again and go to “Privacy & Security” -> “Manage Data”, all cookies saves by other websites are still there!
    From now on, the “Delete cookies and site data when Firefox is closed” feature doesn't work anymore until I manually delete that (local file) cookie.

Flags: sec-bounty?
Component: Security → Data Sanitization
Product: Firefox → Toolkit
Summary: Bypass the "Delete cookies and site data when Firefox is closed" feature → Saving cookie for local file: URI breaks "Delete cookies and site data when Firefox is closed" feature

This looks very similar to Bug 1778090 which we have fixed. Reporter, could you please test if the issue is still reproduces in Firefox 105+? You can test in either Firefox Beta or Nightly. Thank you!

Flags: needinfo?(byzarq)

Tried on Nightly (106) and seems fixed there.
All cookies are cleaned as expected, except the (local file) one.

Flags: needinfo?(byzarq)

Thanks for confirming!

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
Group: firefox-core-security
Flags: sec-bounty? → sec-bounty-
You need to log in before you can comment on or make changes to this bug.