Ubuntu RTM
webbrowser-app package

Unconditional sb-closed cookie incompatible with some sites

Bug #1457405 reported by Tuomas Heino
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
webbrowser-app (Ubuntu)
Confirmed
Medium
Unassigned
webbrowser-app (Ubuntu RTM)
Confirmed
Medium
Unassigned

Bug Description

The sb-closed cookie added by bug #1329799 fix breaks sites using WAFs that classify extra cookies as malware or cookie poisoning.

See original description
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Thanks for reporting this issue.

I'm not sure I understand what part of this bug you would like to keep private, could you elaborate?

Revision history for this message
Tuomas Heino (iheino+ub) wrote :

Removed reference to one client of mine who happens to prefer security by obscurity over crystal box approaches. Clarified description a little bit as well and changed report to public. Test cases available on request, although shouldn't really be needed unless we want to white/blacklist this cookie per site.

description: updated
information type: Private Security → Public
Revision history for this message
Olivier Tilloy (osomon) wrote :

This could be fixed by adding @include directives to the user script (smartbanners.js) to whitelist this cookie per site.

Changed in webbrowser-app (Ubuntu):
status: New → Confirmed
Changed in webbrowser-app:
status: New → Confirmed
importance: Undecided → Medium
Olivier Tilloy (osomon)
Changed in webbrowser-app (Ubuntu):
importance: Undecided → Medium
no longer affects: webbrowser-app
Changed in webbrowser-app (Ubuntu RTM):
status: New → Confirmed
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.