sets cookie that exceptions shows to be blocked

RESOLVED WORKSFORME

Status

major

People

(Reporter: barking_barnacles, Unassigned)

Tracking

({privacy, qawanted, regression})

1.8 Branch
x86
Windows XP

Attachments

(3 attachments)

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5

Did new .5 upgrade. Browser now sets cookies that are in exceptions as blocked. Multiple sites but dilbert.com illustrates it fairly safely. 

Reproducible: Always

Steps to Reproduce:
1. install .5 upgrade
2. go to dilbert.com
3. check cookies, find blocked cookies from dilbert.com and oascentral.dilbert.com

Actual Results:
get unwanted cookies

Expected Results:  
not get unwanted cookies

may be security problem in regards to unwanted cookies, adware, spyware, etc.

Not a security issue per se, but possibly a privacy issue. Do you have any addons that could be causing this problem? Can you reproduce the problem in safe-mode (http://kb.mozillazine.org/Safe_mode)?
Group: security
Keywords: privacy, qawanted, regression
(Reporter)

Comment 2

11 years ago
Tried it in safe mode, still happens.

Fwiw, this is worksforme, using:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5

Comment 4

11 years ago
Couldn't reproduce on Linux with Bonecho from today.

Reporter, would you be willing to attach your hostperm.1 file to the bug, which is stored in your profile directory?
It can be typically found in:
C:\Documents and Settings\mw\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.Default User5
where xxxxxxxx is a random name.
That file might give some clue about what is going on here.

also works for me with the 2.0.0.5 Release Build on Linux - also with the dilbert steps to reproduce
(Reporter)

Comment 7

11 years ago
#5: Here are parts relating to Dilbert site:
host	cookie	2	dilbert.com
host	cookie	8	oascentral.dilbert.com
host	cookie	2	dilbert.com
host	cookie	8	oascentral.dilbert.com

All the rest are equally unremarkable. Not trying to be evasive but publishing whole record is = to my web browsing history. Found nothing unusual in file.

Ok, thanks. Indeed, you should not post something you do not feel comfortable with.

Here are some quick results from Mac. I went back to 2.0.0.4 because I wanted to set some exceptions and then make the jump to 2.0.0.5 to see what happens. I installed a fresh version of 2004 with a clean profile and then set five sites to block cookies. I then immediately visited all five sites. I grabbed some quick screenshots to show what happens. In my case the sites I listed in exceptions were not blocking cookies. Screenshots coming.

Created attachment 273162
Exceptions

Exceptions were set before visiting the sites.

Created attachment 273163
Cookies

Here is my list of cookies after visiting the sites.

Created attachment 273167
marcia's hostperm file

my hostperm file.

Comment 13

11 years ago
If you're only blocking cookies from "www.dilbert.com", I would expect "dilbert.com" to be able to set cookies... On the other hand, if you're blocking cookies from "dilbert.com" (note the lack of "www") I would NOT expect dilbert.com or any subdomains thereof to be able to set cookies.
Component: General → Networking: Cookies
Product: Firefox → Core
QA Contact: general → networking.cookies
Version: unspecified → 1.8 Branch

retested with dilbert.com (cleared all my cookies out first and removed the entry for www.dilbert.com). Cookies from dilbert.com were blocked, but cookies from several ad sites related to dilbert.com do show up in Cookie Manager.

Comment 15

11 years ago
ric, can you please try the following:

1) go into cookie manager and clear any cookies relating to dilbert.com
2) make sure your exceptions are in place
3) enable cookie logging from the command line (instructions on how to do this can be found at http://www.mozilla.org/projects/netlib/cookies/cookie-log.html)
4) start the browser per instructions in that link, visit dilbert.com, close down the browser
5) attach the resulting cookie log to this bug.

this way, we can see exactly which cookie hosts are getting through.

i'd also note that based on comment 7, you're not blocking cookies from oascentral.dilbert.com - just restricting them to the current session, so you may indeed find cookies from that host. in fact, that host may also set domain cookies for .dilbert.com, which is what you could be seeing in cookie manager. (we handle exceptions based on the host that's trying to set the cookie, not on the domain it's trying to set it for - perhaps you're seeing bug 317229?)

i'm going to close this out as WFM, please reopen if you can provide the info described above, and with your exceptions list suitably amended.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → WORKSFORME
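
The exception matching described in comments 13 and 15, as an added example that is not part of the original bug thread and is not Firefox code. It parses the hostperm.1 lines quoted in comment 7 and decides by the host that sets the cookie. The function names, the value 1 meaning allow, and the "allow" default for hosts with no exception are assumptions.

```python
# Added example: models the exception lookup described in comments 13 and 15.
# Not Firefox source; function names are hypothetical.

# Constructed sample: the hostperm.1 lines quoted in comment 7 (tab-separated).
HOSTPERM_SAMPLE = (
    "host\tcookie\t2\tdilbert.com\n"
    "host\tcookie\t8\toascentral.dilbert.com\n"
)

# 2 (blocked) and 8 (session only) follow the thread; 1 = allow is an
# assumption from the usual permission-manager values, not shown on the page.
ACTIONS = {1: "allow", 2: "block", 8: "session"}


def parse_hostperm(text):
    """Return {host: action} for cookie entries; ignore every other line."""
    perms = {}
    for line in text.splitlines():
        fields = line.strip().split("\t")
        if len(fields) != 4 or fields[:2] != ["host", "cookie"]:
            continue
        if not fields[2].isdigit():
            continue
        perms[fields[3].lower()] = ACTIONS.get(int(fields[2]), "unknown")
    return perms


def lookup(perms, setting_host, default="allow"):
    """Find the most specific exception for the host that sets the cookie.

    Walks from the full host name up through its parent domains, so an entry
    for dilbert.com covers its subdomains, while an entry for www.dilbert.com
    does not cover dilbert.com. The default is an assumed global preference.
    """
    labels = setting_host.lower().rstrip(".").split(".")
    for i in range(max(1, len(labels) - 1)):  # never match on the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in perms:
            return candidate, perms[candidate]
    return None, default


def decide(perms, setting_host, cookie_domain):
    """Decide by setting host; the cookie's Domain attribute is not consulted."""
    matched, action = lookup(perms, setting_host)
    return {"host": setting_host, "cookie_domain": cookie_domain,
            "matched": matched, "action": action}
```

With the sample entries, `decide(parse_hostperm(HOSTPERM_SAMPLE), "oascentral.dilbert.com", ".dilbert.com")` yields the action `session`, the case comment 15 describes: a `.dilbert.com` cookie can appear in Cookie Manager even though `dilbert.com` itself is blocked.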