Closed Bug 523514 Opened 16 years ago Closed 14 years ago

firefox sends all the cookies present in firefox while sending request to any server

Categories

(Core :: Networking: Cookies, defect)

1.9.1 Branch
x86
Windows XP
defect
Not set
normal

RESOLVED INCOMPLETE

People

(Reporter: gajanan.kulkarni, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14

When I am using multiple tabs to browse different internet sites I see that when I send a request to any server it sends all the cookie information referring to different websites. This can pose a security issue. This needs to be investigated further.

Reproducible: Always

Steps to Reproduce:
1. Open multiple tabs
2. Open multiple sites
3. Open another tab and send request to your own server and check the header information and cookie information.

You will see cookie information from other sites as well
[johnath@local ~]$ nc -l -p 80
GET / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2a1) Gecko/20090806 Namoroka/3.6a1 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

punt!

I cannot reproduce the behaviour you describe and, indeed, it would be a pretty phenomenal security hole, if true. I suspect you either:

a) have an astonishingly badly behaved add on installed, or
b) are using a tool to check header information which is profoundly confused, or
c) something else altogether is afoot.

This needn't be security sensitive; if it were true, I am quite certain the whole world would notice in short order.
Group: core-security
Component: General → Networking: Cookies
Product: Firefox → Core
QA Contact: general → networking.cookies
Version: unspecified → 1.9.1 Branch
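The header check from the comment above, as an added example that is not part of the original bug thread or of any Mozilla code: a one-shot local listener that captures the request the browser sends and lists any cookie names the local server never issued. The port 8080, the function names, the `issued` set and the `SAMPLE` request are assumptions constructed for illustration.

```python
import socket

# Constructed sample: what a listener on localhost might receive.
SAMPLE = (b"GET / HTTP/1.1\r\nHost: localhost\r\n"
          b"Cookie: sid=abc123; theme=dark\r\nCookie: other_site_pref=1\r\n"
          b"Connection: keep-alive\r\n\r\n")

def request_cookies(raw: bytes) -> dict:
    """Map cookie name -> value from every Cookie header in a raw request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    found = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "cookie":
            for pair in value.split(";"):
                name, _, val = pair.strip().partition("=")
                if name:
                    found[name] = val
    return found

def unexpected_cookies(raw: bytes, issued: set) -> list:
    """Cookie names in the request that this server never set.
    The Cookie header carries no domain, so names are all we can compare."""
    return sorted(n for n in request_cookies(raw) if n not in issued)

def capture_one_request(port: int = 8080) -> bytes:
    """Listen on 127.0.0.1, read one request head, answer 200, return the bytes."""
    with socket.create_server(("127.0.0.1", port)) as srv:
        conn, _ = srv.accept()
        with conn:
            data = b""
            while b"\r\n\r\n" not in data:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                data += chunk
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n"
                         b"Connection: close\r\n\r\n")
    return data

if __name__ == "__main__":
    raw = capture_one_request()                  # then browse to http://127.0.0.1:8080/
    print(raw.decode("iso-8859-1"))
    print("unexpected:", unexpected_cookies(raw, issued={"sid", "theme"}))
```

Cookies are scoped by host name and not by port, so a cookie set by any other service on the same host name will also appear in the capture.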
We need far more specific details on how to reproduce this here, or it's WFM.
need more information
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE