User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31

Steps to reproduce:
First log in with your account (Gmail, Facebook, etc.) using your credentials, and then we need to somehow crash Firefox or cut off the user's connectivity with the internet and force the user to close the browser.

Actual results:
Now what the attacker or malicious user has to do is use the Firefox functionality "Restore Previous Session". Once the previous session is restored, the attacker can use the user's authenticated session which was halted last time (no matter whether the user chose the "remember me" functionality).

Expected results:
Even if the user clicks on restore previous session, all authenticated sessions must be destroyed.

You are basically concerned that session restore also restores the authenticated sessions? This doesn't need to be hidden since the scenario described in this bug requires someone to be physically at your computer to restore the previous session. For public use computers, there is a pref to disable restore session after a crash. This is basically a duplicate of Bug 345345. Read that to understand the basic history of this issue. Thanks for reporting a bug. Please don't be discouraged!