Closed Bug 381940 Opened 17 years ago Closed 17 years ago

Restore session restores opened web - email even if computer restarts

Categories

(Firefox :: Session Restore, defect)

Product:
Firefox
Component:
Session Restore
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 345345

People

(Reporter: vny91, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3

When Yahoo mail is opened and Windows XP crashes and restarts, firefox prompts for session restore.  
When the session is restored, yahoo mail does not prompt for password.

This is a very serious bug.  If you are browsing on a public computer and the power goes away and another user accesses the same computer and restores your sessions he can get into the mail box.

Reproducible: Always

Steps to Reproduce:
1. Open Yahoo mail 
2. Force shutdown your computer (pull of the power cord) Windows XP or PRO 
3. Start the computer
4. Start Firefox
5. Firefox prompts for restore sessions
6. Yahoo mail is accessible again.
7. Actually password needs to be prompted

Actual Results:  
Yahoo mail is accessible again without password prompt

Expected Results:  
Only password prompt page should show up
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Session Restore should *not* be enabled on shared/public computers, or at most the options should be set to save sites but not the cookies. This is but one of many alterations that should be made if you are offering a computer as a shared resource. see links at http://www.mozilla.org/support for pointers on how to find further help.
You need to log in before you can comment on or make changes to this bug.