User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2 new Firefoxinstance inherits securitycontext of the already running instance when using "runas". This can lead to privilegeelevation Reproducible: Always Steps to Reproduce: Situation: WindowsXP got 2 Accounts: Admin(Administrator) and FOO(restricted user) Situation 1. Log on as user FOO 2. All instances of firefox.exe are closed Problem: 1. use "runas /user:admin firefox.exe" to run firefox as admin while beeing logged on as FOO -> firefox runs with admin-userrights(navigate to admins homedir etc) 2. Now start firefox using the Icon on the desktop from user FOO -> this will *NOT* start firefox as user FOO. It will open a firefox-instance with the rights of the already running firefox instance of admin Actual Results: The new instance of firefox can navigate with the admin-userrights Expected Results: Firefox should started as user FOO and should not inherit the userrights from the running instance. Windows XPPRO SP1 German full patched
*** This bug has been marked as a duplicate of 247412 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.