Red Hat Bugzilla – Bug 169948
websites you have not visited can set cookies on your computer
Last modified: 2018-04-11 11:54:49 EDT
Description of problem:
epiphany allows websites you have not visited to set cookies on your computer.
If you the favicon file is loaded off the server, i.e. when the website is in
your toolbar, epiphany accepts the cookie automatically.
Steps to Reproduce:
1. Go to e.g. http://jamesthornton.com/
2. Bookmark it
3. Clear cookies
4. Start epiphany
5. Check cookies
Why is this a problem? Because the expectation is that cookies will be set only
when you explicitly visit a website.
Why do you have this expectation? Sites can do this already. Simply doing an
<img src="foo"> where foo is on a web server that issues out cookies can do this.
(In reply to comment #1)
> Why do you have this expectation?
Your example assumes you are visiting a web page. I'm not. Actually, I'm
visiting no web pages, but I still get a cookie.
My expectation is that a cookie will only be set when you visit a website.
Fedora Core 6 is no longer supported, could you please reproduce this with the
updated version of the currently supported distribution (Fedora 7, 8, or
Rawhide)? If this issue turns out to still be reproducible, please let us know
in this bug report. If after a month's time we have not heard back from you, we
will have to close this bug as CANTFIX.
Setting status to NEEDINFO, and awaiting information from the reporter.
[This is mass-filed message to all open Fedora Core 6 bugs related to Xorg or
Gecko. If you see any other reason, why this bug shouldn't be closed, please,
comment on it here.]
If this issue turns out to still be reproduceable in the latest updates for this
Fedora Core release, please file a bug report in the the upstream bugzilla
located at http://bugzilla.mozilla.org in the particular component.
Once you've filed your bug report to the upstream bugzilla, if you paste the new
bug URL here, Red Hat will continue to track the issue in the centralized
upstream bug tracker, and will review any bug fixes that become available for
consideration in future updates.
Setting status to NEEDINFO, and awaiting upstream bug report URL for tracking.
Thanks in advance.
Stop making it so much work to give you bug reports.
I bet less than ten percent of your millions of Fedora users give you bug
reports, and I bet you could really do with more.
If you don't want your existing bug reporters to stop reporting bugs, then stop
making them to tedious menial tasks that a computer should do.
If you would like this bug in an upstream bugzilla, please click the "transfer
to upstream bugzilla" button. If there isn't one, get someone to do it, it's
likely less than a days programming work.
And as a further kick in the teeth, before the more recent "give it to someone
else" comment, you do a mass close of bugs advising me to do something which is
Since this bugzilla report was filed, we have seriously upgraded Gecko-related
packages, which may have resolved this issue. Users who have experienced this
problem are encouraged to upgrade their system to the latest version of their
Please, confirm to us that this bug is reproducible on the latest upgrade of the
supported distribution (that's RHEL, or Fedora 7, 8, and Rawhide).
Setting the bug to NEEDINFO. If I won't get confirmation of reproducability in
30 days, the bug will be closed as INSUFFICIENT_DATA.
[This is mass-changing of bugs which seem to be too old and irrelevant anymore;
we are sorry, if this bug should not be incldued.]
At this point, we're going to only be taking security fixes and major stability
fixes into this release of Fedora. However, we still want to ensure the bug is
fixed in the next version. We'd appreciate if you could test Firefox 3,
available at http://www.mozilla.com/en-US/firefox/all-beta.html or now shipping
as the default in Fedora rawhide and provide feedback as to whether it still
exists so we can file a ticket upstream to try to fix it in Firefox 3 before it
Fixed, I think (or the website behaves now..)
thanks for letting us know