Closed Bug 375182 Opened 17 years ago Closed 17 years ago

Session restore severe security and privacy bug

Categories

(Firefox :: Session Restore, defect)

x86
Windows XP
defect
Not set
critical

Tracking

RESOLVED DUPLICATE of bug 345345

People

(Reporter: mozilla, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3

If the computer is shut down with Firefox open, after the computer is rebooted a dialog pops up offering to restore the session the next time the user tries to open a link.

This causes several severe issues:
1) the next person to use the computer is presented with all open tabs REGARDLESS OF THE SETTING OF ERASE PRIVATE DATA
2) sites requiring logins MAY continue to be logged in.
3) the first link to open fails to open and produces an error message.
4) if the link is from a program, the message "locate link browser" is presented.

Reproducible: Always

Steps to Reproduce:
1. Turn off computer with Firefox open.
2. Restart computer.
3. Click on a link or internet shortcut.

Actual Results:  
Error message is displayed. Private data from previous computer user is presented.

Expected Results:  
Link should open in browser.

This is a severe privacy, security and functional issue.

1) Restore information must be deleted if computer is shutting down or rebooting.
2) Restore should not be offered if Firefox is being opened with a URL (link, shortcut, etc.).
3) Restore must be disabled by default if the option to clear all personal data on exit is selected.
The privacy issue is bug 345345.
This is a combination of bug 333907 (technical issue), bug 345345 (potential privacy issue) and possibly a few others. If you feel that any of the aspects hasn't been filed as a bug, please do so (one issue per bug, though). -> DUPE
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE