Closed
Bug 680008
Opened 13 years ago
Closed 10 years ago
window.crypto.logout can be abused to DoS many aspects of the browser
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
DUPLICATE
of bug 1030963
People
(Reporter: briansmith, Unassigned)
References
Details
(Keywords: sec-low, Whiteboard: [sg:low])
1. window.crypto.logout blows away the entire SSL session cache, even for sites unrelated to the current window. Instead, only the session cache entries relevant to the current window should be removed. 2. window.crypto.logout logs the user out of any/all PKCS#11 modules he is logged into. An open web page can abuse this to make Firefox unusable for any (other) site that uses SSL client authentication with smartcards. It may also be able to make Firefox unusable when a master password is used. 3. window.crypto.logout clears any temporary cert error overrides that the user has set. This should not happen. 4. window.crypto.logout clears all the settings for what client certificate to use by default for all websites, not just the site in the current window/tab. This should not happen. 5. window.crypto.logout seems to terminate every SSL connection in the browser. This could be used to DoS any SSL connection. In particular, this could be used to prevent browser updates from downloading. This should not be allowed.
Comment 1•13 years ago
|
||
Wow. Some work needed here...! Gerv
Comment 2•13 years ago
|
||
Mostly a (really bad) sg:dos, but some of the logging-out could lead to people making attacker socially-influenced decisions on the reconnect.
Whiteboard: [sg:low]
![]() |
||
Updated•13 years ago
|
Keywords: sec-review-needed
Updated•11 years ago
|
Group: crypto-core-security
Updated•10 years ago
|
Group: crypto-core-security
![]() |
||
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Updated•9 years ago
|
Group: core-security → core-security-release
Updated•8 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•