Closed Bug 262656 Opened 20 years ago Closed 20 years ago

Cookies from external sites allowed via javascript includes when 'for the originating website only' cookie preference is set

Categories

(Firefox :: Settings UI, defect)

x86
Linux
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 200716

People

(Reporter: gburt, Assigned: bugzilla)

References

()

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041001 Firefox/0.10.1

When a user has the 'for the originating web site only' cookie preference true,
external sites are still able to set new cookies via JavaScript includes from
the original web site. I believe this is misleading to the user, and those
cookies should not be allowed with this preference set.

Reproducible: Always
Steps to Reproduce:
1. Visit a web site that includes external scripts via <script
src="http://other.site.com">
2. Watch cookies get set (most easily by setting the 'ask me every time' cookie
preference
3.

Actual Results:  
Cookies from sites other than the site the user believes they are visiting are
allowed to be set when the 'for the originating web site' cookie preference is set

Expected Results:  
These cookies should not be allowed, or the preference should be changed so it
doesn't mislead the user into thinking they will be.

*** This bug has been marked as a duplicate of 200716 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
sorry for bugspam, long-overdue mass reassign of ancient QA contact bugs,
filter on "beltznerLovesGoats" to get rid of this mass change
QA Contact: mconnor → preferences
You need to log in before you can comment on or make changes to this bug.