Any account can be compromised

RESOLVED DUPLICATE of bug 345345

Status

Firefox
Untriaged
5 years ago
5 years ago

People

(Reporter: prashant sharma, Unassigned)

(Reporter)

Description

5 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31

Steps to reproduce:

First log in with your account (Gmail, Facebook, etc.) using your credentials; then we need to somehow crash Firefox or cut off the user's connectivity with the internet and force the user to close the browser.


Actual results:

Now what an attacker or malicious user has to do is use the Firefox functionality "Restore Previous Session". Once the previous session is restored, the attacker can use the user's authenticated session which was halted last time (no matter whether the user chose the "remember me" functionality).


Expected results:

Even if the user clicks on restore previous session, all authenticated sessions must be destroyed.
(Reporter)

Updated

5 years ago
OS: Windows 7 → All
Hardware: x86 → All

Comment 1

5 years ago
You are basically concerned that session restore also restores the authenticated sessions? This doesn't need to be hidden since the scenario described in this bug requires someone to be physically at your computer to restore the previous session. For public use computers, there is a pref to disable restore session after a crash. 

This is basically a duplicate of Bug 345345. Read that to understand the basic history of this issue.

Thanks for reporting a bug. Please don't be discouraged!
Group: core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 345345
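
The pref Comment 1 mentions for public-use computers can be checked per profile. This is an added example (not part of the bug thread or Mozilla's code) that audits the text of a profile's prefs.js or user.js; the pref names `browser.sessionstore.resume_from_crash` and `browser.startup.page` are supplied here as assumptions, since the thread does not name them, and both sample profiles are constructed.

```python
import re

# Pref names are assumptions added for this example; the thread does not name them.
CRASH_PREF = "browser.sessionstore.resume_from_crash"  # Firefox default: true
STARTUP_PREF = "browser.startup.page"                  # 3 = restore previous session

PREF_RE = re.compile(r'^\s*(?:user_pref|pref|lockPref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Parse prefs.js / user.js text into a dict; later lines override earlier ones."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit_session_restore(text):
    """Return findings for a shared workstation where sessions must not be restored."""
    prefs = parse_prefs(text)
    findings = []
    if prefs.get(CRASH_PREF, True):  # an absent pref means the default (true) applies
        findings.append(f"{CRASH_PREF} is not false: tabs and logins return after a crash")
    if prefs.get(STARTUP_PREF, 1) == 3:
        findings.append(f"{STARTUP_PREF} is 3: previous session is restored on every start")
    return findings

# Constructed sample profiles (not taken from any real machine).
SHARED_PROFILE = '''// constructed sample: kiosk profile left near defaults
user_pref("browser.startup.page", 3);
user_pref("browser.startup.homepage", "about:blank");
'''
HARDENED_PROFILE = '''// constructed sample: crash restore disabled
user_pref("browser.sessionstore.resume_from_crash", false);
user_pref("browser.startup.page", 1);
'''

if __name__ == "__main__":
    for label, text in (("shared", SHARED_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(label, audit_session_restore(text) or "OK")
```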