All Altria (Philip Morris tobacco) websites do not allow access to the website when using Firefox for Android

RESOLVED FIXED

Status

Tech Evangelism
Mobile
RESOLVED FIXED
4 years ago
2 years ago

People

(Reporter: kbrosnan, Assigned: karlcow)

Tracking

Trunk
All
Android

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [countr-all][serversniff][contactready], URL)

(Reporter)

Description

4 years ago
https://www.lm.com/, https://www.blackandmild.com/ , https://www.marlboro.com and https://www.skoal.com cannot be accessed by Firefox for Android. I was unable to find an exhaustive list of Altria websites.

Using an Android browser user agent allows access to login to the website.
Yep, some kind of server sniffing in place:

$ http --print=Hh GET https://www.marlboro.com/marlboro/ User-Agent:"$FFA"
GET /marlboro/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, compress
Host: www.marlboro.com
User-Agent: Mozilla/5.0 (Android; Mobile; rv:30.0) Gecko/30.0 Firefox/30.0

HTTP/1.1 302 Moved Temporarily
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Language: en-US
Content-Length: 0
Content-Type: text/plain
Date: Mon, 28 Jul 2014 18:32:32 GMT
Expires: Mon, 28 Jul 2014 18:32:32 GMT
Location: https://www.marlboro.com/misc/devicecompat-marlboro.html
Pragma: no-cache

Should we market this as a "safe surfing" feature? :|
Whiteboard: [countr-all][serversniff][contactready]
(Reporter)

Comment 2

4 years ago
I forgot to mention that I found this from https://support.mozilla.org/en-US/questions/1012705 I also found some contact info for the site.

Q: I've checked site requirements and settings. Everything is set as suggested but I still can't view the site. What should I do now?

A: If you're experiencing difficulty with the site, please call call 1-877-733-7325, 9:00 am to 10:00 pm ET, Monday through Friday; and 9:00 am to 5:00 pm ET, Saturday excluding Sundays and holidays for assistance. A Customer Service Representative will request information about your computer system
(Assignee)

Comment 3

4 years ago
The customer service will be probably useless. Not because of their competences, but because it's not the type of issues they can address. We need to find what is the Web agency which made these Web sites and/or the people in charge of the Web sites in these companies.

Altria Corporate Web site is
http://www.altria.com/Pages/default.aspx

All their IT jobs seems related to the software infrastructure of the company but not the Web
http://www.altria.com/Careers/Pages/default.aspx

So the site has high chances to be made outside, but we need to find out.

The domain names belong to 

* pmusa.com, marlboro.com, 
Philip Morris, 615 Maury Street, Richmond, VA, USA.

* blackandmild.com, skoal.com, lm.com
Altria Client Services Inc., 615 Maury Street, Richmond, VA, USA.

There's the same pattern for all Web sites
Location: https://www.lm.com/misc/devicecompat.html
Location: https://www.skoal.com/misc/devicecompat.html

Except for blackandmild which gives a 200 OK but with a 'Location:' I guess a server configuration mistake.

→ http --print=Hh GET https://www.blackandmild.com/blackandmild/login_input.action "User-Agent: Mozilla/5.0 (Android; Mobile; rv:30.0) Gecko/30.0 Firefox/30.0"
GET /blackandmild/login_input.action HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: www.blackandmild.com
User-Agent:  Mozilla/5.0 (Android; Mobile; rv:30.0) Gecko/30.0 Firefox/30.0

HTTP/1.1 200 OK
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Language: en-US
Content-Length: 1840
Content-Type: text/html;charset=ISO-8859-1
Date: Thu, 07 Aug 2014 07:28:13 GMT
Expires: Thu, 07 Aug 2014 07:28:13 GMT
Location: /blackandmild/login_input.action
Pragma: no-cache
Set-Cookie: JSESSIONID=00001zyzEsElVn1SaaHv90nq-it:14sivec4b; Path=/
Set-Cookie: gDomain=statse.webtrendslive.com; Path=/; Secure
Set-Cookie: gDcsId=dcsihiij0wz5bdetxdbt6zje3_4l2l; Path=/; Secure
Set-Cookie: _gOndId=102-h39m4u5c; Path=/; Secure
Vary: Accept-Encoding



There are chances that for Philip Morris at least it is going through "SQLI Group"
https://www.linkedin.com/in/aldoferrari
https://www.linkedin.com/in/christopherenaut
Assignee: nobody → kdubost
Status: NEW → ASSIGNED
(Assignee)

Comment 4

4 years ago
Ah! things we learn when doing Web Compatibility 
"In 2008, Altria Group (MO) spun-off Philip Morris International (PM), breaking up the world's largest cigarette company."
(Assignee)

Comment 5

4 years ago
Altria Brands
http://www.altria.com/About-Altria/Our-Companies-and-Their-Brands/Pages/default.aspx?src=topnav

Philip Morris International Brands
http://www.pmi.com/eng/our_products/pages/our_brands.aspx

So the Web sites seem to be more on the side of PMI than Altria.
(Assignee)

Comment 6

2 years ago
fixed
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.