Closed
Bug 456517
Opened 16 years ago
Closed 16 years ago
Prompt when website asks to store data offline option doesn't do anything.
Categories
(Core :: Networking: Cache, defect)
Core
Networking: Cache
Tracking
()
RESOLVED
INVALID
People
(Reporter: sephr, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 Build Identifier: Under Options -> Advanced -> Network -> "Tell me when a website asks to store data for offline use" doesn't actually do anything. sessionStorage and globalStorage can be written to and read from without any user confirmation. This can be exploited to store large amounts of data on a user's computer without them being able to know that it is being stored (see bug 456513) and how much is being stored (see bug 456512). Reproducible: Always Steps to Reproduce: 1. Visit the website in bug report. 2. Type in some text. (will attempt to store it in globalStorage) Actual Results: Text is stored in globalStorage without user's consent. Expected Results: A prompt warns the user that noteboard.eligrey.com is trying to store offline data on their computer and they can choose to allow or deny access to offline storage. A "do not show me this message again" checkbox should also be shown to remember the choice. This is under critical because this can be exploited very easily and does something a user never consented for.
Reporter | ||
Comment 1•16 years ago
|
||
forgot to mention the preference that the checkbox changes: browser.offline-apps.notify
Reporter | ||
Comment 2•16 years ago
|
||
Found out that was only for cache manifests a while ago.
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
Reporter | ||
Updated•16 years ago
|
Severity: critical → normal
You need to log in
before you can comment on or make changes to this bug.
Description
•