Firefox 52.0 security changes

Daniel Veditz dveditz at
Thu Mar 23 01:30:20 UTC 2017

I thought about that, but he seemed pretty certain the site never had a
secure (https:) page so why would it use "secure" cookies? An insecure
http: site couldn't use a "secure" cookie as an auth token because it would
never be reflected back to itself.  Bug 976073 would prevent new
insecure-secure cookies from being set or modified but would not "log you
out" by deleting existing ones.

-Dan Veditz

On Wed, Mar 22, 2017 at 5:41 PM, Ehsan Akhgari <ehsan.akhgari at>

> shipped in 52, as far
> as I can tell, and that is the kind of change that could be responsible for
> the kind of symptoms that Dean is describing.
> On Wed, Mar 22, 2017 at 5:09 PM, Daniel Veditz <dveditz at>
> wrote:
>> There shouldn't have been anything in 52 that affected your cookies (the
>> typical way sites keep you logged in). You'd have to ask other users of the
>> site whether it used to be available over https:// (we don't know, we
>> don't even know what site you're talking about). The only thing we did was
>> a UI change to highlight the fact that passwords were being sent over an
>> insecure connection.
>> -Dan Veditz
> --
> Ehsan
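
The cookie behaviour discussed in this thread, as an added example that is not part of the original messages and is not Firefox code: a minimal cookie-jar model in which an insecure (http:) response cannot set or modify a "secure" cookie, existing ones are left in place, and "secure" cookies are only sent back over https:. The `CookieJar` class, the cookie names and the sample headers are constructed for illustration; path, domain and expiry handling are omitted.

```javascript
// Minimal cookie-jar model for one host (illustrative; not Firefox code).
class CookieJar {
  constructor() { this.cookies = new Map(); }

  // Handle a Set-Cookie header received over `scheme` ("http" or "https").
  // Returns true if the cookie was stored, false if it was rejected.
  setCookie(scheme, header) {
    const [pair, ...attrs] = header.split(";").map(s => s.trim());
    const eq = pair.indexOf("=");
    if (eq < 1) return false;
    const name = pair.slice(0, eq), value = pair.slice(eq + 1);
    const secure = attrs.some(a => a.toLowerCase() === "secure");
    if (scheme !== "https") {
      // An insecure response may not create a "secure" cookie...
      if (secure) return false;
      // ...nor modify (overwrite) one that already exists.
      const existing = this.cookies.get(name);
      if (existing && existing.secure) return false;
    }
    this.cookies.set(name, { value, secure });
    return true;
  }

  // Cookie header value that would accompany a request over `scheme`.
  cookieHeader(scheme) {
    return [...this.cookies]
      .filter(([, c]) => scheme === "https" || !c.secure)
      .map(([n, c]) => `${n}=${c.value}`)
      .join("; ");
  }
}

function demo() {
  const jar = new CookieJar();
  // Constructed state: a "secure" cookie stored before the restriction applied.
  jar.cookies.set("legacy", { value: "old", secure: true });
  return {
    newSecureOverHttp: jar.setCookie("http", "sid=abc; Secure"), // rejected
    overwriteOverHttp: jar.setCookie("http", "legacy=new"),      // rejected
    plainOverHttp: jar.setCookie("http", "sid=abc"),             // stored
    sentOverHttp: jar.cookieHeader("http"),   // "secure" cookie never reflected
    sentOverHttps: jar.cookieHeader("https"),
    legacyValue: jar.cookies.get("legacy").value, // existing cookie not deleted
  };
}

console.log(demo());
```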

More information about the firefox-dev mailing list