Closed Bug 279658 Opened 20 years ago Closed 20 years ago

Security bug: Firefox destroys privacy (probably by keeping IDs after closing)

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED INVALID

People

(Reporter: g506, Assigned: bugzilla)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Firefox doesnt grant surfing privacy as Internet Explorer does.

If this bug isnt fixed very quick every computer magazin would have
to warn: "If privacy is important to you, never never use Firefox"

Reproducible: Always

Steps to Reproduce:
Hi firefox developers,

an example most users will be quite common with:
   
1. Step: with firefox I log in to the account of my client A on website W 
         (cookies are switched off - no cookie is accepted)
2. Step: I close firefox 

planning to log in to the account of my client B 
I want to visit website W again, so I do the next steps:

3. Step: I open firefox new and visit again website BB 
4. astonishingly I cant log in to the account of my client B 
   as this website is convinced that Im working on client As account.

Obviously Firefox identifies itself in a way that websites are informed
'Im the same Firefox installation that visited you already ten minutes ago'

You might say, no wonder if you didnd log out. But that is not the point.
After me logging out the website might allow a log in with another ID, but
nevertheless the website would know, these both IDs are clients of the same
broker, and this knowledge could have desasterous consequences.

Having red your explanation I got the feeling that the described desaster 
is regarded as regular browser behaviour by you.

In this case every computer magazin soon should publish the warning
'If privacy is important to you, never never use Firefox'

In case privacy should be important to you too you should produce very 
quickly a solution to this problem. 

I suppose that firefox creates some kind of session IDs and think it cant be
so complicated to change these Ids each time a new firefox window is opened 
as Internet Explorer does.

Would be lucky if you could fix this bug soon as on every other detail 
Ive been very happy with firefox.

Good luck
Gunter


Actual Results:  
I had to use Internet Explorer again 

Expected Results:  
After opening a new Firefox window no web site should be able to know, 
that they are communicating with the same installation.



As long as this bug isnt fixed a explicit warning is needed:
'Don't use Firefox if privacy is important to you'
Firefox saves cookies by default. If you don't want it to save cookies, go to
Tools -> Options -> Privacy -> Cookies and uncheck "Allow site to check cookies".

There is no security risk here at all.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
verified invalid - user error
Status: RESOLVED → VERIFIED
Depends on: 394905
No longer depends on: 394905
You need to log in before you can comment on or make changes to this bug.