Closed Bug 304041 Opened 20 years ago Closed 4 years ago

purge of unsolicited restricted site cookies on Mozilla startup (Realplayer 10 sets cookies in Mozilla when browser is not executing.)

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: lflem001h, Assigned: dveditz)

Details

(Whiteboard: [wontfix?])

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Realplayer 10 is setting cookies in Mozilla when the browser is not executing. This is happening each time Realplayer 10 is invoked no matter from what source. The Realplayer 10 cookies are off in Realplayer 10 and are site restricted in Mozilla. Suggest purge of restricted site cookies on Mozilla startup. Reproducible: Always Steps to Reproduce: 1.Purge cookies from Mozilla. 2.Close Mozilla completely. 3.Start Realplayer 10 from any source. Actual Results: When Mozilla is started and before active use of the browser you will find Realplayer 10 related cookies if you open the Mozilla cookie manager and view the stored cookies. Expected Results: There should be no Realplayer 10 related cookies in Mozilla since the sites are blocked. This is a damn clever security circumvention by Real.
Clearing confidential flag to raise the profile. Locally installed programs can "hack" you -- that's not a security exploit per se. What to do about it (including nothing) needs more community discussion.
Group: security
Product: Mozilla Application Suite → Core
Version: unspecified → 1.0 Branch
Cookies will eventually move over to "mozStorage" (sqlite-based) which will stop this for a while. If they're determined enough they can adjust and get around that, and if they're that determined they could also bypass restrictions based on the cookie domain permissions (by unblocking themselves, for instance). The best solutions might be social -- users hate secret cookies, make sure everyone (including the anti-spyware people) know about this. Of course this action could very well be Real's response to the current generation of anti-spyware programs cookie deletion practices.
My personal opinion, if you don't like it use Real, or create/develop/request from someone willing; an extension which will remove them on startup for you. There is no generic policy I can come up with, which will make sense to all (or even most) users regarding this, and special case-ing for Real will open the door, so to speak, for many more "Spyware" built-in-auto-removals. (which *some* people may actually want/not mind). Real Networks has always (at least to me) been a company whose products act very agressively on your computer (make sure its prominent in places that 'count'). Which is why I personally don't like it, (though I still use it on some computers knowing this). Given the current summary, which is more of a statement of fact on a product we do not controll, I would personally suggest RESO/WONTFIX; [disclaimer to those reading this comment: I am not part of any entity with Mozilla in its name, unless you include "Community" in that assertion, therefore I speak for no-one but myself on these opinions.]
Version: 1.0 Branch → Trunk
QA Contact: seamonkey → toolkit
Summary: Realplayer 10 sets cookies in Mozilla when browser is not executing. → purge of unsolicited restricted site cookies on Mozilla startup (Realplayer 10 sets cookies in Mozilla when browser is not executing.)
Whiteboard: [wontfix?]
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

Plugins are no longer supported https://support.mozilla.org/en-US/kb/npapi-plugins

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.