Closed Bug 529972 Opened 15 years ago Closed 12 years ago

Download manager leaves process/session live

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows Vista
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: crazytonyi, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729) Very quickly, I know that there are at least two other reports of this issue. However it has been considered "resolved" (which it is not) and only a workaround has been provided. Here's the basics: If I have two windows open, each with 3 tabs, and I have the download manager window open, the download manager is treated as an open window. The result is that when I close the two main windows, neither offers me a "save and close" option, as the download manager is considered an open window and thus the "save and close" option does not get triggered since the process isn't terminated while download window is open. This may seem like a minor inconvenience, but there is actually a potential security hole that this opens. Rather than looking at this from the point of view of the session not being saved, instead consider the fact that the session is still open. If I go to my bank site, school site, and work site, each of which requires authentication involving a session cookie that expire at the end of the session, those cookies and sessions are still live after closing all but the download manager. Thus if I was a less-paranoid user, I might: *sign in on a semi-public computer (let's say a private laptop at a cafe), * sign in to my bank to see if I have enough for another muffin, * realize I urgently need to use the restroom, * at the last moment gain enough sense to close my browser so that I don't have my bank site wide open for anyone passing by to peruse, * don't realize that the download window is still open (or realize that it matters) Now I'm in the restroom and someone jumps on and opens a new window and simply opens my history, fully capable of going back to the bank page and do what they will. Reproducible: Always Steps to Reproduce: 1. Open a window 2. Open the download manager 3. Close first window. I think it would be fairly simply to add a function that says "Is there any other window OTHER than the download manager open besides the one being closed? If no, close download manager window first, proceed as usual."
Since a remote attacker cannot cause this state it doesn't need to be a hidden bug, and in fact may serve as a warning to vulnerable users. workaround: don't close windows, exit the app (File->Exit, <apple>->Quit, Cmd-Q, etc). In fact, on Mac you can close _all_ the windows including the download manager and the app is still running, but that's just the Mac way. If I left my laptop as described I'd be more worried about it disappearing than someone messing with my logged-in sessions.
Group: core-security
can you try this issue with latest version of Firefox? http://getfirefox.com
Whiteboard: [closeme-300213]
Resolved per whiteboard
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → INCOMPLETE
Whiteboard: [closeme-300213]
You need to log in before you can comment on or make changes to this bug.