firefox 3.0.1 can access my email after reboot without challenge, even though i asked it not to save passwords
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
firefox-3.0 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: firefox-3.0
this behaviour changed in yesterday's bundle of patches on ubunto 8.04 and firefox 3.0.1.
after the reboot, i started firefox and selected 'restore previous session'. it opened both my gmail and my msn mail, and a protected page on a third website, without challenging me for a password, even though i never have firefox save my passwords.
previously to this update, after a system restart, i always got a password challenge when i selected 'restore previous session' from firefox, and it is the expected behaviour.
ProblemType: Bug
Architecture: i386
Date: Tue Aug 26 13:36:34 2008
DistroRelease: Ubuntu 8.04
Package: firefox-3.0 3.0.1+build1+
PackageArchitec
ProcEnviron:
PATH=/
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: firefox-3.0
Uname: Linux 2.6.24-19-generic i686
This becomes a serious thing to think about w.r.t single points of failure.
Scenario: Subject has M minutes of battery backup, in case of power failure.
One morning, Subject arrives at the office, and finds: that a tamper-evident seal on his office door was tampered. Investigating, he discovers that his workstation had restarted. He notifies the security admin of the irregularity, who tells him that there was a powerfail at some point in the night, because of a thunderstorm, and the power was off for M+K minutes. Security admin also says that Subject probably forgot to set the tamper-evident seal on his door as he left, the previous night, and that according to the access logs, only authorized people were in the building.
M+K could have been enough time to unplug and clone a hard drive. Should he be paranoid, that persistent information could have been copied, and later used to access presumed-secure offsite resources?