Closed Bug 389126 Opened 17 years ago Closed 16 years ago

Session Restore circumvents Clear Private Data

Categories

(Firefox :: Session Restore, defect)

Product:
Firefox
Component:
Session Restore
Version:
2.0 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: Klem, Unassigned)

Details

(Keywords: privacy) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5

Summary:
An "unresponsive script" dialogue triggered by Firefox's session restore code prevent browser sanitisation: resulting in the disclosure of private data. No warning or error message was given.

Long version:
This afternoon I was researching a highly sensitive problem on the net using Firefox. During my research I collected a large number of open tabs all containing related and CONFIDENTIAL pages.
At the end of the session I right clicked on one of the tabs and chose "close other tabs" from the context menu, then loaded the default homepage over the remaining page. I then ran "clear private data" using the default setting (all options excluding cookies and passwords were selected).
Confident my browsing history was gone I closed the main window to terminate Firefox. The window closed revealing an "unresponsive script" dialogue which had popped under my browser session and been missed. I dismissed it by clicking the close cross then shut down the computer and left.
I returned later to find a colleague browsing through the tabs which I had been researching earlier!
I was using PC hardware running the current, mainstream, 2.0.0.5 Windows release of Firefox but am concerned that this frightening security & privacy failure will affect other platforms and OSs.

Reproducible: Didn't try

Steps to Reproduce:
1. Open many tabs in a single browser window and await the unresponsive scrip dialogue to be triggered by the crash recovery code.
2. Ignoring unresponsive script dialogue:
2a. "Close Other Tabs"
2b. "Clear Private Data"
2c. Close browser window.
3. Dismiss unresponsive script dialogue.
4. Start Firefox
Actual Results:  
The "restore session" dialogue is presented upon restart. Electing to restore the session, Firefox reloads all the tabs which were open (presumably) when the 

Expected Results:  
No tabs were open when Firefox was terminated. The session was sanitised at shutdown therefore:
No record of the previous session should be retained, no "restore session" option should be offered and the previous PRE SANITISATION session must NOT BE RECOVERABLE.
URL: any
Keywords: privacy
Version: unspecified → 2.0 Branch
URL: any
Severity: critical → major
Component: Security → Session Restore
QA Contact: firefox → session.restore
This sounds similar to bug 388239.
I've been trying to get Session Restore to get unresponsive by adding
> for (var i = 0; i < Infinity; i++);
at various points. However, wherever I insert that line, the Clear Private Data dialog never comes up while the Unresponsive Script prompt is still up. In Firefox 3.0, I even never get the Unresponsive Script prompt to start with.
-> WORKSFORME

Then again, Clear Private Data never really managed to clear all session data in Firefox 2.0 due to bug 366572, anyway.

For privacy sensitive activities, you thus better use Firefox 3.0 (and if possible your own profile at OS level which other users can't access).
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.