Potential security issue with FF2

[Foamcow]

I love the restore function of FF2.
Opening the tabs you were using before a system crash is pretty useful.

However, I have just noticed something. It will need further testing but this is my observation from a recent experience.

I had a tab open with a webserver Cpanel session in it.
My system suffered a crash (yay).

When I restarted I had problems with my Bluetooth keyboard (never buy one) so it took me some time to actually get back into the machine.

When I launched FF2, it asked me if I wanted to restore the session. On doing so, it logged me right back in to the Cpanel.

Now it struck me that this could be an issue. Did it log me back in or was my initial session on the Cpanel still active. Either way, it didn't seem particularly good. What if you are using a public machine while browsing a secure/private page when the machine crashes? The next person logging in after reboot would potentially have access to your secure page.

Like I said, it needs more testing. Maybe it was a one off because my session hadn't expired.

<honk>*:O)</honk>
Designease Ltd. - polyprop folders, ring binders and creative presentation ideas
Earl & Thompson Marketing - Marketing Agency Services in Gloucestershire

 

[eyec]

FF saves passwords - i was reading that you can disable this option.

go to the Mozilla.org site & search for the info on this

 

[cmeagan656]

To disable password remembering in FF got to tools -> options and click on privacy. On the passwsords tab uncheck the box next to "remember passwords".

On the same tab, if you go into view saved passwords you can view which passwords are saved and which passwords are set to never be saved.

Cheers.

 

[Foamcow]

That's a dangerous default!

<honk>*:O)</honk>
Designease Ltd. - polyprop folders, ring binders and creative presentation ideas
Earl & Thompson Marketing - Marketing Agency Services in Gloucestershire

 

[eyec]

this is not new to FF2, it was also set in previous versions.

with all of the "debate" about browsers, sometimes the inner workings of things get overlooked.

 

[eyec]

that should be the Security Tab not Privacy Tab

 

[bcastner]

Did it log me back in or was my initial session on the Cpanel still active?

It logged you in.

You do require a password to logon to your computer, don't you?

What if you are using a public machine while browsing a secure/private page and the machine crashes?

Your warning is apt, although I have yet to see a public access machine using Firefox. (Most of the good, free, public access and kiosk applications are from the Bill and Melinda Gates Foundation.)

For various reasons I would not suggest using a public access computer for secure/private pages whether IE, Firefox, or something else.






____________________________
Users Helping Users

 

[cmeagan656]

It must depend on the version then. In FF 1.5.0.7 when you select tools ->options it gives you a choice of General, Privacy, Content, Tabs, Downloads, and Advanced. You need to select "Privacy" (its not a tab in the true sense of the word) and then click on the Passwords tab.

If FF 1.5.0.7 the security tab is under "advanced" and has no links to passwords.

Cheers.

 

[Foamcow]

All valid points.

I probably wouldn't use a public computer for anything sensitive either. But some people would. And with FF becoming more popular who can say what might be used?

Yes it was in the previous version, I recall now. I had it turned off. With the new install it seems to be on by default though. That seems a bit dodgy especially combined with the Restore feature.

<honk>*:O)</honk>
Designease Ltd. - polyprop folders, ring binders and creative presentation ideas
Earl & Thompson Marketing - Marketing Agency Services in Gloucestershire