Closed Bug 694054 Opened 13 years ago Closed 8 years ago

Firefox allows extensions to ignore cookie expiration preference

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: VanillaMozilla, Unassigned)

Details

(Keywords: privacy) 

Even though cookies are set to expire on exit, Firefox subsequently allows extensions to set new cookies with definite expiration dates. On closing and reopening the browser, they are still there.

Steps to duplicate (in exact sequence)
1. Starting from a new profile, install Video DownloadHelper and restart browser.
2. Tools > Downloadhelper > General > Behavior.  Make sure "Disable download count cookie" is disabled (disabled by default).
3. Allow third-party cookies, and set cookies to expire on exit.
4. Clear all cookies from Tool/Options/Privacy or Edit/Preferences/Privacy.
5. View http://www.youtube.com/watch?v=izWrWkygGdI . (other videos may also work)
6. Inspect cookies and check that all are set to expire on exit.
7. Click the VideoDownload Helper icon, which you should find just to the left of the video title, above the video. Now pause the video (optional, I think).
8. Inspect cookies again.

Results
After step 8 you will have two new cookies called "downloadhelper.net" and "vidohe.com", set to expire some months in the future. When the browser is closed and reopened (and not just that window), the cookies will still be there.

Expected results
The cookies should be set to expire on closing.


Other information
Observed on Linux and Windows XP.  Video Downloadhelper v. 4.9.5.

Sometimes cookies are not set immediately, and you may have to wait up to a minute, or restart something.

This is superficially similar to Bug 636399, but that is for the Session Restore component, and presumably applies to cookies that are set to expire on closing. This bug is about allowing cookies with an incorrect expiration date.
Component: General → Networking: Cookies
Product: Firefox → Core
QA Contact: general → networking.cookies
Argh!  Step 2 should read,

"2. Tools > Downloadhelper > General > Behavior.  Make sure "Disable download count cookie" is unchecked (unchecked by default)."


The default setting should work, unless an extension update changes it.  I originally wrote exactly the opposite of what I intended.
extensions can do pretty much anything.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.