sets cookie that exceptions shows to be blocked




11 years ago
11 years ago


(Reporter: barking_barnacles, Unassigned)


({privacy, qawanted, regression})

1.8 Branch
Windows XP
privacy, qawanted, regression

Firefox Tracking Flags

(Not tracked)




(3 attachments)



11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20070713 Firefox/
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20070713 Firefox/

Did new .5 upgrade. Browser now sets cookies that are in exceptions as blocked. Multiple sites but illustrates it fairly safely. 

Reproducible: Always

Steps to Reproduce:
1.install .5 upgrade
2.go to
3.check cookies, find blocked cookies from and
Actual Results:  
get unwanted cookies

Expected Results:  
not get unwanted cookies

may be security problem in regards to unwanted cookies, adware, apyware, ect
Not a security issue per-se, but possibly a privacy issue. Do you have any addons that could be causing this problem? Can you reproduce the problem in safe-mode (
Group: security
Keywords: privacy, qawanted, regression

Comment 2

11 years ago
Tried it in safe mode, still happens.
Fwiw, this is worksforme, using:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20070713 Firefox/

Comment 4

11 years ago
Couldn't reproduce on Linux with Bonecho from today.
Reporter, would you be willing to attach your hostperm.1 file to the bug, which is stored in your profile directory?
It can be typically found in:
C:\Documents and Settings\mw\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.Default User5
where xxxxxxxx is a random name.
That file might give some clue about what is going on here.
also works for me with the Release Build on Linux - also with the
dilbert steps to reproduce

Comment 7

11 years ago
#5: Here are parts relating to Dilbert site:
host	cookie	2
host	cookie	8
host	cookie	2
host	cookie	8

All the rest are equally unremarkable. Not trying to be evasive but publishing whole record is = to my web browsing history. Found nothing unusual in file.
Ok, thanks. Indeed, you should not post something you feel not comfortable with.
Here are some quick results from Mac. I went back to because I wanted to set some exceptions and then make the jump to to see what happens. I installed a fresh version of 2004 with a clean profile and then set give sites to block cookies. I then immediately visited all five sites. I grabbed some quick screenshots to show what happens. In my case the sites I listed in exceptions were not blocking cookies. Screenshots coming.
Created attachment 273162 [details]

Exceptions were set before visiting the sites.
Created attachment 273163 [details]

Here is my list of cookies after visiting the sites.
Created attachment 273167 [details]
marcia's hostperm file

my hostperm file.

Comment 13

11 years ago
If you're only blocking cookies from "", I would expect "" to be able to set cookies... On the other hand, if you're blocking cookies from "" (note the lack of "www") I would NOT expect or any subdomains thereof to be able to set cookies.
Component: General → Networking: Cookies
Product: Firefox → Core
QA Contact: general → networking.cookies
Version: unspecified → 1.8 Branch
retested with (cleared all my cookies out first and removed the entry for Cookies from were blocked, but cookies from several ad sites related to do show up in Cookie Manager.

Comment 15

11 years ago
ric, can you please try the following:

1) go into cookie manager and clear any cookies relating to
2) make sure your exceptions are in place
3) enable cookie logging from the command line (instructions on how to do this can be found at
3) start the browser per instructions in that link, visit, close down the browser
4) attach the resulting cookie log to this bug.

this way, we can see exactly which cookie hosts are getting through.

i'd also note that based on comment 7, you're not blocking cookies from - just restricting them to the current session, so you may indeed find cookies from that host. in fact, that host may also set domain cookies for, which is what you could be seeing in cookie manager. (we handle exceptions based on the host that's trying to set the cookie, not on the domain it's trying to set it for - perhaps you're seeing bug 317229?)

i'm going to close this out as WFM, please reopen if you can provide the info described above, and with your exceptions list suitably amended.
Last Resolved: 11 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.