lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: pjp at paulo-pereira.net (Paulo Pereira)
Subject: Gmail anomaly

Micheal,

you can use the "Web Developer Extension" to delete domain cookies
whenever you want.

Paulo Pereira


<quote who="Micheal Espinola Jr">
> Yep, something is awry with Firefox's cookie management.  it pisses me
> off.  I disconnect from a site (close the browser), but the next time
> I open FF,  all my cookies are acting as if they are still live.
>
> The Maxthon add-on for IE does the same thing
>
> Its annoying as hell when you are testing web apps.
>
>
> On Thu, 18 Nov 2004 16:33:07 -0800, ifconfig_xl0 <intxl0@...il.com> wrote:
>> This is not a security risk but a weirdness worth noting. I reported
>> it as a bug to gmail but im not sure if its a bug on their part it may
>> be firefox not doing something right.
>>
>> If you open  two gmail accounts in two different firebird/fox browsers
>> the first account logged into after a refresh becomes the second
>> acccount. Or if you send an e-mail with the second account, it may
>> send as the first and refresh back as account1.
>>
>> So if you login with GmailAccount1 and then open another browser and
>> log into GA2, go back to GA1 browser and hit refresh, GA1 will be in
>> the mailbox of GA2.
>>
>> This obviously is not a security risk because the mailbox was already
>> logged into, but I still thought it was a weird thing to do. It doesnt
>> act that way with internet exploder though so it must be something
>> with Firefox ...
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html
>>
>
>
> --
> ME2
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>


-- 
Paulo Jorge Pereira
IP Network Engineering, CCIE 6372

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ