Closed Bug 265420 Opened 20 years ago Closed 20 years ago

Possibility to see source of secure web pages in Javascript console after logout.

Categories

(Toolkit Graveyard :: Error Console, defect)

Product:
Toolkit Graveyard
Component:
Error Console
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 265228

People

(Reporter: marcin.kowalski, Assigned: bugs)

Details

(Whiteboard: [sg:dupe 265228]) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1

I've found that it's possible to see html source of secure (SSL) web pages with
javascript errors/warnings even after logout from secure webpage. Bank account
management services rarely care about browser compatibility issues and produce
lots of javascript error messages.

Reproducible: Always
Steps to Reproduce:
1. Login into any ssl webpage with javascript bugs on it.
2. Logout
3. Click on error message in debugger/console

Actual Results:  
I could read contents of secure web page after I completely logged out.

Expected Results:  
Do not cache SSL pages or add such option in configuration.
Very similar to bug 265228.

*** This bug has been marked as a duplicate of 265228 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Clearing confidential flag, dupe of non-confidential bug
Group: security
Whiteboard: [sg:dupe 265228]
Product: Firefox → Toolkit
Product: Toolkit → Toolkit Graveyard
You need to log in before you can comment on or make changes to this bug.