Closed
Bug 260988
Opened 20 years ago
Closed 12 years ago
favicon still loaded after canceling site load due to userpass warning
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: jmd, Unassigned)
Details
Firefox 0.10, filing under "Browser" based on bug 122445.
Attempt to load jmd@pobox.com as a URL. You will receive a warning that you are
about to load the site "pobox.com" as the user "jmd". Click No, that it's not
OK. pobox.com will not be loaded, however, the favicon will be downloaded and
set as the icon for the tab (though it doesn't seem to be set in the URL bar
itself.)
Comment 1•20 years ago
|
||
The defensive auth dialogs came from bug 232567, not bug 122445
Assignee: dveditz → darin
Component: Security: General → Networking: HTTP
Comment 2•20 years ago
|
||
There are are several favicon bugs like this one, and opinion is divided
(to say the least) on how this should be handled.
FWIW, the favicon set up seems to me to be fundamentally broken (it seems
to work at the server level, and as you say can slip past authorization),
so I don't really see how it can be completely fixed; and though I agree
with you that 'Cancel' should mean 'Cancel' and 'No' should mean 'No' I
don't really feel that there is a real complaint if the browser displays
the bits if it has been able to acquire them.
Reporter | ||
Comment 3•20 years ago
|
||
> I don't really feel that there is a real complaint if the browser displays
> the bits if it has been able to acquire them.
I think even that qualifies as a bug, though admittedly minor, assuming there
are no security concerns (though you might make a case for privacy
concerns--clicking "No" still causes traffic to hit the potential phishing site,
revealing time/ip/os/browser to the attackers).
After clicking "No", you will have the previous page displayed in the browser
(say, this bugzilla page, but with the icon of the site you canceled the load of
(say, the bizarre heart logo of pobox.com) next to its tab. It's the mismatch
that's the issue. Again, a minor one, assuming the security and privacy
implications are judged to be not a concern.
Comment 4•20 years ago
|
||
I wholeheartedly agree with comment 3 - I am just doubtful of my
ability to convince anyone else of this.
There are roughly 94 favicon bugs in total,
and most of these ones have something
in common with this bug:
109959 110421 113430 116801 118448
120304 121518 133755 162893 163109
186532 238348 240795 242512 250458
252540 253045 255085 255188 258461
Comment 5•20 years ago
|
||
Favicons are downloaded and set completely in the front end code; HTTP has
nothing to do with it.
Assignee: darin → firefox
Component: Networking: HTTP → General
Product: Browser → Firefox
QA Contact: firefox.general
Comment 6•20 years ago
|
||
This looks to me like its a dupe of bug 258461.
Comment 7•18 years ago
|
||
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.9a1) Gecko/20060509 Minefield/3.0a1
This bug is well over a year old. It looks like a special case of Bug 258461
"Canceling page load results in incorrect favicon displaying on the tab bar",
but I suspect that the reporter wanted a fix specifically for the phishing
implications of this one, even if the wider work for that bug took longer.
I suspect that a fix for that bug would close this one, but that bug also
looks inactive.
If it is really intended to leave these bugs unfixed, then you might want to state why and mark as WONTFIX or FUTURE.
Updated•18 years ago
|
Assignee: bross2 → nobody
Comment 8•12 years ago
|
||
I am unable to reproduce this bug, testing jared@msu.edu on a new tab in Firefox Nightly 21.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•