Closed Bug 225794 Opened 21 years ago Closed 21 years ago

Crash after username/password login dialogue in MS webmail

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
x86
Windows 98
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 222849

People

(Reporter: lizal, Assigned: security-bugs)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.5) Gecko/20031007
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.5) Gecko/20031007

Crash occurs after "username/password login" dialogue in MS webmail interface.

Reproducible: Always

Steps to Reproduce:
1.Accept security certificate
2.Fill in login dialogue window
3.Click "OK" -> Crash

Actual Results:  
Crash

Expected Results:  
Login to the webmail server

The crash occured after "updating" the w98. Ocuurs for versions of Mozilla:
1.5rc2, 1.5final, 1.6 alpha

Talback ID: TB25616704E

No problems with IE5.5 or NN4.x versions.
No problems with Win XP (Moz 1.5-final); crash is only Win98SE.
i don't see anything security sensitive about this bug report.  reporter: is
there something in this bug report that you don't want to have publicized?  what
are your reasons for filing a security sensitive bug report?

also, could you please try a build from

  ftp://ftp.mozilla.org/pub/mozilla.org/mozilla/nightly/latest-trunk/

preferrably one of the more recent WIN32 builds.  mozilla-win32-installer.exe is
usually up-to-date.

if that continues to crash, can you please provide a HTTP log?  steps to do so
can be found here:

  http://www.mozilla.org/projects/netlib/http/http-debugging.html

thanks!!
The reson for security bug were that 
1. the dialogue form before crash contasined both username and password
2. the crash ocurred in "secur32.dll" library
(i.e., just beofre the secured transaction begins).
3. I just wanted to be sure that both username and password do not appear in
"wild" while tracing the bug stack...
(It happened to me with other bug in the past- real names and addresses were
disclosed)
>1. the dialogue form before crash contasined both username and password

this bug does not seem to contain that username/password...

anyway, secur32.dll sounds like NTLM. darin, does that mean your ntlm patch
fixed this?
indeed.  this sounds like a duplicate of bug 222849.

*** This bug has been marked as a duplicate of 222849 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
opening up this bug report.  there is nothing sensitive here.  the talkback data
is currently in the hands of AOL, and i don't think anyone will be posting
talkback data here.
Group: security
You need to log in before you can comment on or make changes to this bug.