We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Овај сајт ће имати ограничену функционалност док га будемо ажурирали у циљу побољшања вашег искуства. Ако неки чланак не реши ваш проблем и желите да поставите питање, на располагању ће вам бити наше заједнице подршке @FirefoxSupport на Twitter-у и /r/firefox на Reddit-у.

Avatar for Username

Претражи подршку

Избегните преваре подршке. Никада од вас нећемо тражити да зовете или шаљете поруке на број или да делите личне податке. Пријавите сумњиве радње преко „Пријавите злоупотребу” опције.

Сазнај више

Ова тема је архивирана. Питајте друго питање ако вам је потребна помоћ.

Can still access password protected sites after log off

  • 2 одговорa
  • 1 има овај проблем
  • 5 прегледа
  • Последњи одговор послао TyDraniu

JonNC
JonNC
more options

Using FF57. If you have the tabs set to "remember tabs from prior session on startup", you can still access password-protected sites.

Scenario: you access your banking website, log in with userid and password. If you close down Firefox with the "remember tabs" set on, you will still be able to access the banking website: 1) if you log out of the banking website and close down Firefox, when you go back in to Firefox you are taken to the "logged out" screen, but you can still scroll back and Firefox will take you to the banking site still logged in; 2) if you don't log out of the banking website and you close down Firefox, when you go back into Firefox, the banking website is still logged in ... full access to the secure site.

MAJOR SECURITY FLAW!! I have stopped using FF57 until this is fixed.

Using FF57. If you have the tabs set to "remember tabs from prior session on startup", you can still access password-protected sites. Scenario: you access your banking website, log in with userid and password. If you close down Firefox with the "remember tabs" set on, you will still be able to access the banking website: 1) if you log out of the banking website and close down Firefox, when you go back in to Firefox you are taken to the "logged out" screen, but you can still scroll back and Firefox will take you to the banking site still logged in; 2) if you don't log out of the banking website and you close down Firefox, when you go back into Firefox, the banking website is still logged in ... full access to the secure site. MAJOR SECURITY FLAW!! I have stopped using FF57 until this is fixed.

Сви одговори (2)

TyDraniu
TyDraniu
  • Top 10 Contributor
more options

Looks like you're right.

TyDraniu
TyDraniu
  • Top 10 Contributor
more options

But... such behaviour wasn't introduced in 57. You have to clear cookies on exit to prevent being logged in after restart.

https://support.mozilla.org/en-US/kb/settings-privacy-browsing-history-do-not-track#w_use-custom-settings-for-history

Измењено од стране TyDraniu