touch-packages team mailing list archive

Thread
Date

[Bug 1457405] Re: Unconditional sb-closed cookie incompatible with some sites

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Tuomas Heino <iheino+ub@xxxxxxxxx>
Date: Tue, 26 May 2015 13:09:03 -0000
Reply-to: Bug 1457405 <1457405@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Removed reference to one client of mine who happens to prefer security
by obscurity over crystal box approaches. Clarified description a little
bit as well and changed report to public. Test cases available on
request, although shouldn't really be needed unless we want to
white/blacklist this cookie per site.

** Description changed:

- The sb-closed cookie added by bug #1329799 fix breaks some sites like
- https://www.op.fi/op
- 
- Extraneous cookies get classified as potential malware by several SSL
- sites, but please keep this part private for now / edit this line out of
- summary before disclosing this report.
+ The sb-closed cookie added by bug #1329799 fix breaks sites using WAFs
+ that classify extra cookies as malware or cookie poisoning.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu.
https://bugs.launchpad.net/bugs/1457405

Title:
  Unconditional sb-closed cookie incompatible with some sites

Status in webbrowser-app package in Ubuntu:
  New

Bug description:
  The sb-closed cookie added by bug #1329799 fix breaks sites using WAFs
  that classify extra cookies as malware or cookie poisoning.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/webbrowser-app/+bug/1457405/+subscriptions