Closed Bug 660994 Opened 14 years ago Closed 14 years ago

History re-opens passworded pages insecurely.

Categories

(Firefox :: Session Restore, defect)

x86
Linux
defect
Not set
normal

RESOLVED INVALID

People

(Reporter: drew.grant, Unassigned)

Details

User-Agent: Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Build Identifier: Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

My brother was browsing a passworded site (My eBay) on my computer, then closed Firefox & closed down computer. On restart I used the "History" function to re-access that site and it signed me in to his page without requesting any password! This password is NOT saved on Firefox. Hazard of someone else using my computer being able to access supposedly secure information, e.g. my credit card/bank accounts!

Version is Firefox 4.0.1

Reproducible: Always

Steps to Reproduce:
1. Open passworded page
2. Close Firefox then close down computer
3. On restart go into History and click on the secured page and it will reopen without requesting password

Expected Results:
Expected to open the "Enter user name and Password" page
Component: Bookmarks & History → Session Restore
QA Contact: bookmarks → session.restore
Sounds like a dup of bug 530594. See also bug 529899 and bug 627472.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
(In reply to comment #1)
> Sounds like a dup of bug 530594. See also bug 529899 and bug 627472.
>
> *** This bug has been marked as a duplicate of bug 530594 ***

so no need to keep it hidden right?
Group: core-security
This doesn't sound like a session restore problem. My guess is that your brother left the "keep me signed in" box checked, which sets a normal cookie with a long lifetime.

2 other things:
1. If the session wasn't restored, then this isn't related to session restore.
2. Session restore will only save session cookies for open sites. Going into the history menu to open a site indicates to me that a session was not restored or at least that eBay was not open.

We don't have the full story, but that's my gut feeling. I could be wrong on all counts here in which case this really is a dupe... Unless we get a better picture here, I'm saying this is invalid.
Resolution: DUPLICATE → INVALID
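
The distinction the last comment relies on, a long-lived "keep me signed in" cookie versus a session cookie that only session restore can carry across a restart, shown as an added example that is not part of the bug thread or of Firefox's code. The headers, cookie names, `NOW` and the `sessionRestored` flag are constructed for illustration.

```javascript
// Added example: classify Set-Cookie headers by whether the login they carry
// outlives a browser restart. All headers below are constructed sample data.
const NOW = new Date('2011-06-01T00:00:00Z'); // constructed "current time"
const SAMPLES = {
  session: 'sid=abc123; Path=/; Secure; HttpOnly',
  keepSignedIn: 'keepme=1f9e; Max-Age=31536000; Path=/; Secure',
  expiresDate: 'remember=xyz; Expires=Sun, 01 Jan 2012 00:00:00 GMT; Path=/',
  deleted: 'old=1; Max-Age=0; Path=/',
};

// Split "name=value; Attr=val; Flag" into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) throw new Error('malformed Set-Cookie header');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const part of rest.filter(Boolean)) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return cookie;
}

// RFC 6265: Max-Age wins over Expires; a cookie with neither is a session cookie.
function lifetime(cookie, now) {
  const maxAge = cookie.attrs['max-age'];
  if (typeof maxAge === 'string' && /^-?\d+$/.test(maxAge)) {
    return Number(maxAge) > 0 ? 'persistent' : 'expired';
  }
  const t = Date.parse(cookie.attrs.expires);
  if (!Number.isNaN(t)) return t > now.getTime() ? 'persistent' : 'expired';
  return 'session';
}

// sessionRestored (hypothetical flag): session restore brought back a session
// in which the site was open, the only case where session cookies are kept.
function survivesRestart(header, now, sessionRestored) {
  const kind = lifetime(parseSetCookie(header), now);
  return kind === 'persistent' || (kind === 'session' && sessionRestored);
}

for (const [label, header] of Object.entries(SAMPLES)) {
  console.log(label, lifetime(parseSetCookie(header), NOW),
    'survives restart without session restore:', survivesRestart(header, NOW, false));
}
```

A persistent cookie reopens the signed-in page from History with no session restore involved, which is the behaviour the reporter describes.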