376401 - when lauching two firefox executables, the second one reuse session data from the first

Status: RESOLVED DUPLICATE of bug 117222

(Firefox :: Security, defect)

Description

[Fernando Wendt]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3

Firefox 2 is reusing session data, when using two or more different instances from the browser.

Maybe a reflection from the "restore session data" facility, this buggy behavior is chashing a singular securty point from web browser fundamentals: each browser istance use a single and different session identificator.

The browser is over written session data between the navigator instances.

This behavior has been caught using different browser instances (executable ones), NOT TAB BROWSING.

Reproducible: Always

Steps to Reproduce:
1.Run a first Firefox browser instance
2.Access some login service with you account data
3.Run a secound Firefox browser instance
4.Acess the same login service, using a different account data (other user)
5.See what happens in the first Firefox instance user data
Actual Results:  
The session data is being overriden, between two different browser instances, from the last uppon the first.



Expected Results:  
Each browser instance must have a exclusive session controller, independent from any other browser running.

A simple and practical use case: if you are using one Firefox browser windown, getting your email data, and then your wife use the same computer, starting another Firefox browser, and points her email data (from the same provider - ie. Gmail, MSN, Yahoo!), you or her will have serius problems: one of your browsers will get a session overriden mistake.

Comment 1

[Dave Townsend [:mossop]]

This has been the way Firefox has worked forever. When you run firefox a second time you are merely opening a new window in the original instance.