Closed
Bug 457321
Opened 16 years ago
Closed 13 years ago
nbtbank.com -- sniffing for "Firefox" causes non-Firefox browsers to fail to remember login information
Categories
(Tech Evangelism Graveyard :: English US, defect)
Tech Evangelism Graveyard
English US
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: mmclagan, Unassigned)
References
()
Details
(Whiteboard: [bank][login required])
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1 The site in question is the online banking for a NY State bank. The login process requires a userid, on a new computer it asks a verification question, then it asks for the password. Successful entries result in viewing the bank accounts, etc. The problem is, since updating to Firefox 3, the 2nd step doesn't work -- the bank *NEVER* recognises any PC using FF3 Linux. I always have to provide the login id, the verification and the password. Worse still, if I reboot the laptop into XP and use the standard FF3 distribution from http://www.mozilla.com/en-US/firefox/ the bank skips over the verification question -- it recognises that I've used the system to log in previously and just asks for a password. Reproducible: Always Steps to Reproduce: 1. 2. 3. I realize that this is probably next to impossible to work on -- I'm not about to hand over my userid/verification/password for my bank account! :) I have cleared all cookies, cleared all permissions, set very permissive access to the profile directory and files, basically everything I could short of reading code or capturing packets. It doesn't seem to be something simple. This occurred with both the Fedora 9 distribution version of Firefox and the official binary from mozilla.com.
Comment 1•16 years ago
|
||
I don't think we can anything about this. You should try a new profile on linux first http://kb.mozillazine.org/Profile_manager The next step would be to check the cookies that gets stored and if everything else fails to ask the bank.
Reporter | ||
Comment 2•15 years ago
|
||
The problem definitely lies with Firefox, as recent versions have confirmed. I use Fedora RPMs and regularly update. Some time around 3.0.6 or so, the problem with the 'id verification' disappeared. It was definitely worked properly in 3.0.8 (didn't keep asking the question) which I was using until about two hours ago. :( They updated to 3.0.9 (which I skipped) and 3.0.10 which I just installed and now it is broken again -- it asks the ID question every time. I'm going to see about getting copies of each of the RPMs so I can narrow the versions down, but I'm not hopeful that I can.
Comment 3•15 years ago
|
||
Nrror it down to an RPM doesn't help at all because you would testing fedora builds and not our builds. Fedora adds AFAIK their own patches in their builds.
Updated•15 years ago
|
Keywords: testcase-wanted
Reporter | ||
Comment 4•15 years ago
|
||
It's a guess, but reading the release notes suggests that the change may have come from https://bugzilla.mozilla.org/show_bug.cgi?id=470578. If I can find where it starts/stops working with RPMs it's a start!
Reporter | ||
Comment 5•15 years ago
|
||
I found Mozilla's own binary distributions. I downloaded 3.0.4 -> 3.0.10, removed Fedora's RPM and put the 7 versions into /usr/local/lib. I ran them against the same profile (no changes from run to run). The results are: 3.0.4 : Broken (asks for ID repeatedly) 3.0.5 : Broken 3.0.6 : Works (skips ID request) 3.0.7 : Works 3.0.8 : Works 3.0.9 : Works 3.0.10: Broken (again) I've got the source archives, I'll see if I can figure out something from the diffs (I have no idea of the code structure, so it's almost 100% guessing).
Comment 6•15 years ago
|
||
Check the nighlies between 3.0.9 to 3.0.10 to help track this down, you can find them at ftp://ftp.mozilla.org/pub/firefox/nightly/ categorized by date.
Reporter | ||
Comment 7•15 years ago
|
||
Please accept my apologies. I hope that nobody else has wasted nearly as much time as I have on this particular report/issue. I downloaded nearly 2 months worth of nightly builds (03/02 -> 04/23), they all failed. Very frustrating. It occurred to me to check the agent string on a local webserver and saw the builds were all using "GranParadiso/3.0.Xpre" so I accessed about:config and changed the general.useragent.extra.firefox to "Firefox 3.0.9". Lo and behold, it worked as expected. Turns out that it doesn't matter what I put in the extra string, as long as it contains "Firefox" and "3.0.[6-9]". Anything with "3.0.[0-5]" fails. It now reads: "Firefox/3.0.9; Broken by NBT see: https://bugzilla.mozilla.org/show_bug.cgi?id=457321" Since the agent string is the only variable that makes a difference, I'm changing the status and going back to doing something productive. Maybe they'll get the message!
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
Comment 8•15 years ago
|
||
->Over to TE.
Assignee: nobody → english-us
Status: RESOLVED → UNCONFIRMED
Component: General → English US
Keywords: testcase-wanted
Product: Firefox → Tech Evangelism
QA Contact: general → english-us
Resolution: INVALID → ---
Comment 9•15 years ago
|
||
Michael, would you be willing to work with us on this? The bank really ought to be sniffing for a specific Gecko version if they're going to insist on sniffing, but it doesn't seem to me that their use of sniffing here has any basis in need at all. If you are, please send the bank a TE letter: http://www.mozilla.org/projects/tech-evangelism/site/procedures.html#contacting and feel free to point them to this bug.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Hardware: x86 → All
Summary: Banking login handled differently in Linux versus XP → nbtbank.com -- sniffing for "Firefox" causes non-Firefox browsers to fail to remember login information
Updated•15 years ago
|
Blocks: geckoisgecko
Whiteboard: [bank][login required]
Reporter | ||
Comment 10•15 years ago
|
||
I sent the letter (which, btw, still refers to Firefox 2) about 15 minutes ago. I tried to follow the guidelines but the system won't allow me to make the sort of changes to the bug it suggested (assignment, milestone, etc).
Comment 11•15 years ago
|
||
Michael, thanks for doing that. A comment here that you sent the letter is good enough for now; please keep us posted and let us know if they respond. (If they haven't responded within a couple of weeks, you should probably send another letter.) cl
Comment 12•13 years ago
|
||
INCOMPLETE due to lack of activity since the end of 2009. If someone is willing to investigate the issues raised in this bug to determine whether they still exist, *and* work with the site in question to fix any existing issues, please feel free to re-open and assign to yourself. Sorry for the bugspam; filter on "NO MORE PRE-2010 TE BUGS" to remove.
Status: NEW → RESOLVED
Closed: 15 years ago → 13 years ago
Resolution: --- → INCOMPLETE
Updated•9 years ago
|
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•