This service will be undergoing maintenance at 20:00 UTC, 2017-04-03. It is expected to last about 30 minutes
Bug 169948 - websites you have not visited can set cookies on your computer
websites you have not visited can set cookies on your computer
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: firefox (Show other bugs)
8
All Linux
medium Severity medium
: ---
: ---
Assigned To: Christopher Aillon
pleaForReproductionFF3
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-10-05 12:55 EDT by Need Real Name
Modified: 2008-08-02 19:40 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-18 07:34:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2005-10-05 12:55:20 EDT
Description of problem:
epiphany allows websites you have not visited to set cookies on your computer.

If you the favicon file is loaded off the server, i.e. when the website is in
your toolbar, epiphany accepts the cookie automatically.

Steps to Reproduce:
1. Go to e.g. http://jamesthornton.com/
2. Bookmark it
3. Clear cookies
4. Start epiphany
5. Check cookies
  
Actual results:
See cookies.

Expected results:
No cookie.

Additional info:
Why is this a problem? Because the expectation is that cookies will be set only
when you explicitly visit a website.
Comment 1 Christopher Aillon 2006-03-07 19:07:52 EST
Why do you have this expectation?  Sites can do this already.  Simply doing an
<img src="foo"> where foo is on a web server that issues out cookies can do this.
Comment 2 Need Real Name 2006-03-08 02:33:51 EST
(In reply to comment #1)
> Why do you have this expectation?

Your example assumes you are visiting a web page. I'm not. Actually, I'm
visiting no web pages, but I still get a cookie.

My expectation is that a cookie will only be set when you visit a website.

Comment 3 Matěj Cepl 2007-12-10 04:24:50 EST
Fedora Core 6 is no longer supported, could you please reproduce this with the
updated version of the currently supported distribution (Fedora 7, 8, or
Rawhide)? If this issue turns out to still be reproducible, please let us know
in this bug report. If after a month's time we have not heard back from you, we
will have to close this bug as CANTFIX.

Setting status to NEEDINFO, and awaiting information from the reporter.

[This is mass-filed message to all open Fedora Core 6 bugs related to Xorg or
Gecko. If you see any other reason, why this bug shouldn't be closed, please,
comment on it here.]
Comment 4 Matěj Cepl 2007-12-10 13:06:35 EST
If this issue turns out to still be reproduceable in the latest updates for this
Fedora Core release, please file a bug report in the the upstream bugzilla
located at http://bugzilla.mozilla.org in the particular component.

Once you've filed your bug report to the upstream bugzilla, if you paste the new
bug URL here, Red Hat will continue to track the issue in the centralized
upstream bug tracker, and will review any bug fixes that become available for
consideration in future updates.

Setting status to NEEDINFO, and awaiting upstream bug report URL for tracking.

Thanks in advance.
Comment 5 Matěj Cepl 2007-12-10 13:10:31 EST
If this issue turns out to still be reproduceable in the latest updates for this
Fedora Core release, please file a bug report in the the upstream bugzilla
located at http://bugzilla.mozilla.org in the particular component.

Once you've filed your bug report to the upstream bugzilla, if you paste the new
bug URL here, Red Hat will continue to track the issue in the centralized
upstream bug tracker, and will review any bug fixes that become available for
consideration in future updates.

Setting status to NEEDINFO, and awaiting upstream bug report URL for tracking.

Thanks in advance.
Comment 6 Need Real Name 2007-12-10 13:39:24 EST
No.

Stop making it so much work to give you bug reports.

I bet less than ten percent of your millions of Fedora users give you bug
reports, and I bet you could really do with more.

If you don't want your existing bug reporters to stop reporting bugs, then stop
making them to tedious menial tasks that a computer should do.
If you would like this bug in an upstream bugzilla, please click the "transfer
to upstream bugzilla" button. If there isn't one, get someone to do it, it's
likely less than a days programming work.

And as a further kick in the teeth, before the more recent "give it to someone
else" comment, you do a mass close of bugs advising me to do something which is
wrong. Excellent.
Comment 7 Matěj Cepl 2008-02-08 15:43:04 EST
Since this bugzilla report was filed, we have seriously upgraded Gecko-related
packages, which may have resolved this issue. Users who have experienced this
problem are encouraged to upgrade their system to the latest version of their
distribution available.

Please, confirm to us that this bug is reproducible on the latest upgrade of the
supported distribution (that's RHEL, or Fedora 7, 8, and Rawhide).

Setting the bug to NEEDINFO. If I won't get confirmation of reproducability in
30 days, the bug will be closed as INSUFFICIENT_DATA.

[This is mass-changing of bugs which seem to be too old and irrelevant anymore;
we are sorry, if this bug should not be incldued.]
Comment 8 Matěj Cepl 2008-02-21 17:35:50 EST
At this point, we're going to only be taking security fixes and major stability
fixes into this release of Fedora.  However, we still want to ensure the bug is
fixed in the next version.  We'd appreciate if you could test Firefox 3,
available at http://www.mozilla.com/en-US/firefox/all-beta.html or now shipping
as the default in Fedora rawhide and provide feedback as to whether it still
exists so we can file a ticket upstream to try to fix it in Firefox 3 before it
is released.
Comment 9 Matěj Cepl 2008-02-21 17:36:56 EST
At this point, we're going to only be taking security fixes and major stability
fixes into this release of Fedora.  However, we still want to ensure the bug is
fixed in the next version.  We'd appreciate if you could test Firefox 3,
available at http://www.mozilla.com/en-US/firefox/all-beta.html or now shipping
as the default in Fedora rawhide and provide feedback as to whether it still
exists so we can file a ticket upstream to try to fix it in Firefox 3 before it
is released.
Comment 10 Need Real Name 2008-03-17 14:31:29 EDT
Fixed, I think (or the website behaves now..)
Comment 11 Matěj Cepl 2008-03-18 07:34:06 EDT
thanks for letting us know

Note You need to log in before you can comment on or make changes to this bug.