Closed Bug 395749 Opened 17 years ago Closed 17 years ago

if yahoo mail crashes, upon restore session, cookies are saved regardless of which 'keep until' option selected

Categories

(Firefox :: Session Restore, defect)

x86
Windows XP
defect
Not set
critical


RESOLVED DUPLICATE of bug 345345

People

(Reporter: lmosoian, Unassigned)


Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6

After using Yahoo mail to delete, view, compose messages, Mozilla will crash at some point.  Upon restarting Firefox, you will be prompted to restore last session or not.  If you choose to restore, then REGARDLESS of your cookie selection for 'keep until' from the pull-down menu, your cookies will be saved.  This means that you can have a fatal error at any point, but if it is while you are using cookies to log into a site, then they will be saved regardless of your cookie privacy setting.  This enables anyone who uses your computer (and maybe outsiders too) to enter your personal space (banking, school, email, etc.).  THIS IS A SERIOUS SECURITY ISSUE THAT MUST BE ADDRESSED ASAP!!

Reproducible: Always

Steps to Reproduce:
1. Make sure you set the cookie privacy setting to "'keep until' I close Firefox" from the pull-down menu
2. Log into Yahoo Mail with Mozilla.  Begin using mail as usual; continue until you get a fatal error and are forced to report to Mozilla and close ****
3. Restart Firefox, choose 'restore last session' and you will still be signed in, REGARDLESS of whether you chose "'keep until' I close Firefox" from the cookie privacy pull-down menu

***This has only happened to me with Yahoo Mail, but it will happen whenever you get a fatal error and you are logged in (using cookies to log in) to a website.

Actual Results:
I was still logged in after the fatal error, when I specifically set the cookie privacy setting to "'keep until' I close Firefox"

Expected Results:  
The software should have erased those cookies, since the option "'keep until' I close Firefox" was selected.

I believe this is happening because you are actually not closing Firefox, Windows is.  Firefox does something illegal and has a fatal error after which it must be closed by Windows.  Firefox does not register that you actually closed Firefox, so the cookies remain, and your information is accessible to anyone if you forget to restart Firefox and log out.

Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE