Ok, Not sure if I am the first to see this (a quick google turned nothing up), but it is kind of apparent. I recently noticed a firefox vuln that deals with firefox's cookie handling, more specifically, single session cookie handling.

This is what happened:
1: went to hotmail with firefox with browser window #1, signed in, and checked my mail
2: opened some other site (say antionline.com) in browser window #2 (not tab mind you)
3: closed browser #1
4: went to hotmail.com in browser #2 to compose new Email and was automatically logged in. No password or anything.

this is my setup:
1: remember my user name (hotmail).
2: Windows XP with firefox: 1.0.4 revision: 1.7.8 (which I think is the most up-to-date)
3: In recreating this, I deleted all my cookies and offline content. Everything.

I tried to recreate this in IE, but to no avail. I think that this could be an issue. I mean some user logs in, then opens another window, closes the first and steps away from their desk. Anyone walking by could check their email just by going to hotmail.

Anyone care to help me out with this? Check your gmail or whatever web based email you have abd tell me what is going on here. I haven't looked at firefox's source yet, but I am going to study this (in several different enviroments).