Closed
Bug 930830
Opened 11 years ago
Closed 11 years ago
Tab screenshots gives out all the secure logged in information of banks / payroll apps etc to the remote users even after logout
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 755996
People
(Reporter: sujay.thumma, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36 Steps to reproduce: Firefox 24 desktop version 1) Log into a bank account / payroll account etc 2) Log out 3) Open a new tab and verify all the screenshots captured by the browser which gives all the secure logged in details to the remote users Actual results: 1) Tabs captures all the screenshots of the secure details of the logged in bank details like account number / balance / credit card number / payroll information etc which gives all the secure logged in details to the remote users and makes it vulnerable 2) Please find attached screenshot Expected results: It should not take the exact screen shots of the all the logged in data as it is making the browser vulnerable to the remote users, who can check all the secure information even after logging out
|
||
Comment 2•11 years ago
|
||
Sujay, thanks for the report but this appears to be a duplicate of bug 755996. Also, you should be more careful about attaching screenshots.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Just adding some more information to this on why this issue is occurring, chrome only captures the first thumbnail of the website which is usually the home page of the application without any login, the issue here is Firefox instead of capturing just the first page it is trying to capture all the pages in an application so resulting in this issue.
You need to log in
before you can comment on or make changes to this bug.
Description
•