Private Browsing poisoning

RESOLVED DUPLICATE of bug 566010

Status

()

Firefox
Security
RESOLVED DUPLICATE of bug 566010
8 years ago
8 years ago

People

(Reporter: Itzhak Avraham, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4

If one lets a user to surf through his computer in Private Browsing mode or just use the Private Browsing, one doesn't want any impact when quitting the Private Browsing mode.
If a malicious website, makes a user to add a favorite link, in main menu, or other places (via requests spam, or social engineering), a favorite link will also be remembered after the session.

For instance, go to Private browsing mode, and add a certain url to favorite to menu.
In the url link write (i.e) gmail and in the website itself, just include a malicious javascript (for the demo, just write:) "javascript:alert('script');"


After quitting the Private Browsing, the link will still stay in the normal menu, and will contain maybe some proofs on what had been happened on the private browsing session (which the user might didn't want to reveal, which is the reason for using it).


Also, in other scenario, one can edit other person's URL once he gives them a session in Firefox inside a private browsing, to trick him later into clicking on bookmark while being in for instance, gmail?. I know this method already requires being on the computer, but still, stuff shouldn't be left after quitting private browsing mode.

Reproducible: Always

Steps to Reproduce:
1. Make a copy of current session before entering the private browsing.
2. Restore the bookmarks state after exiting the private browsing.
3. Great Success.


Expected Results:  
problem solved.

Credit Itzhak Avraham (PreIncidentAssessment.com / Samsung Research) & Itamar Benjamin

Updated

8 years ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 566010
You need to log in before you can comment on or make changes to this bug.