[Bug 283650] Re: flashplugin-nonfree permanent cookies
Daniel T Chen
crimsun at fungus.sh.nu
Wed Oct 15 19:20:27 UTC 2008
While the attack coverage is certainly high, your proposal of
unconditionally (forcibly) removing ~/.macromedia/Flash_Player on each
login is incorrect. Imagine this scenario on a fresh boot:
1) Log in via gnome-session;
2) Open Web browser, and load embedded Flash that uses cookies;
3) Switch to tty1
4) Switch to tty7
If the Flash applet has not completed loading between steps (2) and (3),
you've just blown away the cookie(s).
Trivially, the "remove on logout" proposal is analogous.
However, as a brutish hack, one could use gnome-session to invoke such a
script running upon session login that forcibly removes the cookies.
** Changed in: flashplugin-nonfree (Ubuntu)
Importance: Undecided => Low
--
flashplugin-nonfree permanent cookies
https://bugs.launchpad.net/bugs/283650
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to flashplugin-nonfree in ubuntu.
More information about the Ubuntu-mozillateam-bugs
mailing list