Firefox 52.0 security changes

Daniel Veditz dveditz at mozilla.com
Thu Mar 23 01:30:20 UTC 2017


I thought about that, but he seemed pretty certain the site never had a
secure (https:) page so why would it use "secure" cookies? An insecure
http: site couldn't use a "secure" cookie as an auth token because it would
never be reflected back to itself.  Bug 976073 would prevent new
insecure-secure cookies from being set or modified but would not "log you
out" by deleting existing ones.

-Dan Veditz

On Wed, Mar 22, 2017 at 5:41 PM, Ehsan Akhgari <ehsan.akhgari at gmail.com>
wrote:

> https://bugzilla.mozilla.org/show_bug.cgi?id=976073 shipped in 52, as far
> as I can tell, and that is the kind of change that could be responsible for
> the kind of symptoms that Dean is describing.
>
> On Wed, Mar 22, 2017 at 5:09 PM, Daniel Veditz <dveditz at mozilla.com>
> wrote:
>
>> There shouldn't have been anything in 52 that affected your cookies (the
>> typical way sites keep you logged in). You'd have to ask other users of the
>> site whether it used to be available over https:// (we don't know, we
>> don't even know what site you're talking about). The only thing we did was
>> a UI change to highlight the fact that passwords were being sent over an
>> insecure connection.
>>
>> -Dan Veditz
>>
>> _______________________________________________
>> firefox-dev mailing list
>> firefox-dev at mozilla.org
>> https://mail.mozilla.org/listinfo/firefox-dev
>>
>>
>
>
> --
> Ehsan
>
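
The cookie rules discussed in this thread, as an added example that is not part of the original messages and is not Firefox code: a simplified cookie jar showing that a Secure cookie is never sent back over http:, that an http: response cannot set or modify a Secure cookie, and that cookies already stored are not deleted. The class, method names and cookie values are hypothetical, and domain, path and expiry handling are omitted.

```javascript
// Simplified model of the Secure-attribute rules described in the thread.
// Not Firefox's implementation; names and values here are constructed.
class CookieJar {
  constructor() {
    this.cookies = new Map(); // name -> { value, secure }
  }

  // Cookies that were stored before the restriction applied (test data).
  preload(name, value, secure) {
    this.cookies.set(name, { value, secure });
  }

  // Handle a Set-Cookie from a response fetched over `scheme`.
  // Returns true if the cookie was stored, false if it was ignored.
  setCookie(scheme, name, value, { secure = false } = {}) {
    const insecureOrigin = scheme !== "https";
    const existing = this.cookies.get(name);
    // An http: response may not create a cookie carrying the Secure attribute.
    if (insecureOrigin && secure) return false;
    // An http: response may not modify a cookie that is already Secure.
    if (insecureOrigin && existing && existing.secure) return false;
    this.cookies.set(name, { value, secure });
    return true;
  }

  // Build the Cookie request header for a request made over `scheme`.
  // Secure cookies are attached to https: requests only.
  cookieHeader(scheme) {
    const parts = [];
    for (const [name, c] of this.cookies) {
      if (c.secure && scheme !== "https") continue;
      parts.push(`${name}=${c.value}`);
    }
    return parts.join("; ");
  }
}

function demo() {
  const jar = new CookieJar();
  jar.preload("legacy", "old", true); // pre-existing Secure cookie
  return {
    setSecureOverHttp: jar.setCookie("http", "sid", "abc", { secure: true }),
    overwriteSecureOverHttp: jar.setCookie("http", "legacy", "new"),
    setPlainOverHttp: jar.setCookie("http", "sid", "abc"),
    legacyStillStored: jar.cookies.get("legacy").value,
    sentOverHttp: jar.cookieHeader("http"),
    sentOverHttps: jar.cookieHeader("https"),
  };
}
```
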