Closed Bug 253083 Opened 20 years ago Closed 20 years ago

"runas /user:FOO firefox.exe" does not start firefox as user FOO, if firefox is already started as user BAR

Categories

(Firefox :: Shell Integration, defect)

Product:
Firefox
Component:
Shell Integration
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 247412

People

(Reporter: tom.unger, Assigned: bugs)

Details

(Whiteboard: [sg: dupe 247412]) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2

new Firefoxinstance inherits securitycontext of the already running instance
when using "runas". This can lead to privilegeelevation
 

Reproducible: Always
Steps to Reproduce:
Situation: WindowsXP got 2 Accounts: Admin(Administrator) and FOO(restricted user)
Situation
1. Log on as user FOO
2. All instances of firefox.exe are closed 

Problem:
1. use "runas /user:admin firefox.exe" to run firefox as admin while beeing
logged on as FOO -> firefox runs with admin-userrights(navigate to admins
homedir etc) 

2. Now start firefox using the Icon on the desktop from user FOO -> this will
*NOT* start firefox as user FOO. It will open a firefox-instance with the rights
 of the already running firefox instance of admin 


Actual Results:  
The new instance of firefox can navigate with the admin-userrights

Expected Results:  
Firefox should started as user FOO and should not inherit the userrights from
the running instance.

Windows XPPRO SP1 German full patched

*** This bug has been marked as a duplicate of 247412 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Group: security
Whiteboard: [sg: dupe 247412]
You need to log in before you can comment on or make changes to this bug.