Bug#682369: iceweasel: Tough cookie
Robert Munyer
4539632595 at munyer.com
Fri May 16 10:47:57 UTC 2014
Control: found -1 24.5.0esr-1~deb7u1
Control: tags -1 security
Bug still present in Iceweasel 24.5, in Debian 7.5 "wheezy".
Because this bug can cause retention of data which the user
has explicitly commanded must not be retained (and then allow
exfiltration of the illegitimately retained data to a foreign
host!), I believe it needs the "security" tag.
To replicate the bug in Iceweasel 24.5.0esr-1~deb7u1:
Open Iceweasel.
Configure Iceweasel thus:
Edit
Preferences
Privacy
History
Iceweasel will: Use custom settings for history
Accept cookies from sites
Keep until: I close Iceweasel
Browse to http://noscript.net/features .
Click the "Go back one page" button.
Close Iceweasel.
After the preceding steps, the cookie must not exist.
To see that it does exist, continue with the following steps:
Open Iceweasel.
Click "Restore Previous Session".
View cookies:
Edit
Preferences
Privacy
History
Show Cookies...
More information about the pkg-mozilla-maintainers
mailing list