Session restore severe security and privacy bug

RESOLVED DUPLICATE of bug 345345

Status

()

Firefox
Session Restore
--
critical
RESOLVED DUPLICATE of bug 345345
11 years ago
11 years ago

People

(Reporter: Don, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3

If the computer is shut down with Firefox open, after the computer is rebooted a dialog pops up offering to restore the session the next time the user tries to open a link.

This causes several severe issues:
1) the next person to use the computer is presented with all open tabs REGARDLESS OF THE SETTING OF ERASE PRIVATE DATA
3) sites requiring logins MAY continue to be logged in.
3) the first link to open fails to open and produces an error message.
4) if the link is from a program, the message "locate link browser" is presented.

Reproducible: Always

Steps to Reproduce:
1. turn off computer with firefox open
2. restart computer
3. click on a link or internet shortcut.
Actual Results:  
Error message is displayed. Private data from previous computer user is presented.

Expected Results:  
Link should open in browser.

This is a severe privacy, security and functional issue.

1) Restore information must be deleted if computer is shutting down or rebooting.
2) Restore should not be offered if Firefox is being opened with a url (link, shortcut, etc)
3) Restore must be disabled by default if the option to clear all personal data on exit is selected.
The privacy issue is bug 345345.

Comment 2

11 years ago
This is a combination of bug 333907 (technical issue), bug 345345 (potential privacy issue) and possibly a few others. If you feel that any of the aspects hasn't been filed as a bug, please do so (one issue per bug, though). -> DUPE
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 345345
You need to log in before you can comment on or make changes to this bug.