Package: firefox
Version: 68.0~b6-2
Severity: grave
Tags: upstream security
Justification: user security hole

Firefox leaks sensitive information between private windows that should normally not share personal data.

I logged into my company's Google account (*sigh*) in one private window, and helpfully immediately got that account information shared with a website opened in another private window, that congratulated me for now being signed in with my Google account.

Why on earth did Firefox just leak my sensitive private data to another private mode website?

-- Package-specific info:

-- Addons package information

-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:da:sv:en:de_DE:de (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firefox depends on:
ii  debianutils               4.8.6.1
ii  fontconfig                2.13.1-2
ii  libasound2                1.1.8-1
ii  libatk1.0-0               2.30.0-2
ii  libc6                     2.28-10
ii  libcairo-gobject2         1.16.0-4
ii  libcairo2                 1.16.0-4
ii  libdbus-1-3               1.12.16-1
ii  libdbus-glib-1-2          0.110-4
ii  libevent-2.1-6            2.1.8-stable-4
ii  libffi6                   3.2.1-9
ii  libfontconfig1            2.13.1-2
ii  libfreetype6              2.9.1-3
ii  libgcc1                   1:8.3.0-7
ii  libgdk-pixbuf2.0-0        2.38.1+dfsg-1
ii  libglib2.0-0              2.58.3-2
ii  libgtk-3-0                3.24.5-1
ii  libjsoncpp1               1.7.4-3
ii  libnspr4                  2:4.21-1
ii  libnss3                   2:3.44.0-1
ii  libpango-1.0-0            1.42.4-6
ii  libstartup-notification0  0.12-6
ii  libstdc++6                8.3.0-7
ii  libvpx5                   1.7.0-3
ii  libx11-6                  2:1.6.7-1
ii  libx11-xcb1               2:1.6.7-1
ii  libxcb-shm0               1.13.1-2
ii  libxcb1                   1.13.1-2
ii  libxcomposite1            1:0.4.4-2
ii  libxdamage1               1:1.1.4-3+b3
ii  libxext6                  2:1.3.3-1+b2
ii  libxfixes3                1:5.0.3-1
ii  libxrender1               1:0.9.10-1
ii  libxt6                    1:1.1.5-1+b3
ii  procps                    2:3.3.15-2
ii  zlib1g                    1:1.2.11.dfsg-1

Versions of packages firefox recommends:
ii  libavcodec57  7:3.4.3-1
ii  libavcodec58  7:4.1.3-1

Versions of packages firefox suggests:
ii  fonts-lmodern           2.004.5-6
ii  fonts-stix [otf-stix]   1.1.1-4
ii  libcanberra0            0.30-7
ii  libgssapi-krb5-2        1.17-2
ii  libgtk2.0-0             2.24.32-3
ii  pulseaudio              12.2-4

-- no debconf information