"runas /user:FOO firefox.exe" does not start firefox as user FOO, if firefox is already started as user BAR

RESOLVED DUPLICATE of bug 247412

Status

()

Firefox
Shell Integration
RESOLVED DUPLICATE of bug 247412
14 years ago
13 years ago

People

(Reporter: Tom Unger, Assigned: Ben Goodger (use ben at mozilla dot org for email))

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg: dupe 247412])

(Reporter)

Description

14 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2

new Firefoxinstance inherits securitycontext of the already running instance
when using "runas". This can lead to privilegeelevation
 

Reproducible: Always
Steps to Reproduce:
Situation: WindowsXP got 2 Accounts: Admin(Administrator) and FOO(restricted user)
Situation
1. Log on as user FOO
2. All instances of firefox.exe are closed 

Problem:
1. use "runas /user:admin firefox.exe" to run firefox as admin while beeing
logged on as FOO -> firefox runs with admin-userrights(navigate to admins
homedir etc) 

2. Now start firefox using the Icon on the desktop from user FOO -> this will
*NOT* start firefox as user FOO. It will open a firefox-instance with the rights
 of the already running firefox instance of admin 


Actual Results:  
The new instance of firefox can navigate with the admin-userrights

Expected Results:  
Firefox should started as user FOO and should not inherit the userrights from
the running instance.

Windows XPPRO SP1 German full patched

*** This bug has been marked as a duplicate of 247412 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → DUPLICATE
Group: security
Whiteboard: [sg: dupe 247412]
You need to log in before you can comment on or make changes to this bug.