p.fleetonlinesolutions.com supports Export suites, is POODLE vulnerable

Assigned to


4 years ago
10 months ago


(Reporter: gustavo, Assigned: adamopenweb, NeedInfo)


Firefox Tracking Flags

(Not tracked)


(Whiteboard: [sitewait], URL)


(3 attachments)



4 years ago
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0
Build ID: 20141013200257

Steps to reproduce:

1.Go to: https://p.fleetonlinesolutions.com/
2.Login with your creds
3.Verify that the site doesn't render properly (content misformated)

Actual results:

The site doesn't render properly - the content is misformated. Tables and menus are unusable.

Expected results:

The site should render properly.

Comment 1

4 years ago
I used the excellent mozregression tool and got this result:

16:36.38 LOG: MainThread Bisector INFO Last good revision: 40a228f74389 (2013-04-05)
16:36.38 LOG: MainThread Bisector INFO First bad revision: 768af8d8fad4 (2013-04-06)
16:36.38 LOG: MainThread Bisector INFO Pushlog:

Comment 2

4 years ago
Created attachment 8533691 [details]

Bad rendering on recent versions of Firefox.

Comment 3

4 years ago
Created attachment 8533692 [details]

OK rendering on old versions of Firefox.

Comment 4

4 years ago
I found during the bissection that in some versions Firefox would popup this message:

"Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?"

so I wonder if this is security related.

I'm attaching an archive with the html/css/js content.

Comment 5

4 years ago
I got it:


security.mixed_content.block_active_content was set to true by default -> therefore this web portal stopped working.

Comment 6

4 years ago
I will report this to the website owner. The information on this bug will help other users of the same portal technology.

Comment 7

4 years ago
Created attachment 8537120 [details]
Secure Connection Failed error

bugday-20141216 : Secure Connection Failed Error occurs for https://p.fleetonlinesolutions.com/ on firefox.
Flags: needinfo?(pratyasmitamishra)

Comment 8

4 years ago

That website has yet another problem which is the ssl version that is considered to be unsafe and no longer accepted by default from Firefox 34 on!

So, to even reach the login screen one must set

security.tls.version.min   -> 0
Component: Untriaged → Security: PSM
Product: Firefox → Core
That site has a huge list of things wrong with it: https://www.ssllabs.com/ssltest/analyze.html?d=p.fleetonlinesolutions.com (one of which is it only uses SSL 3.0, which is not secure)
Blocks: 1085138
Component: Security: PSM → Desktop
Product: Core → Tech Evangelism
Version: 33 Branch → unspecified

Comment 10

4 years ago
Morphing this bug to be specific to https://p.fleetonlinesolutions.com, because so far all comments have been specific to this site.

Regardless, the site now supports TLS 1.0 (but still has other issues).
No longer blocks: 1085138
Ever confirmed: true
OS: Linux → All
Hardware: x86_64 → All
Summary: Goodyear Portal based on SAP Netweaver doesn't render → p.fleetonlinesolutions.com supports Export suites, is POODLE vulnerable
Still a lot of issues.

The markup of this page is… interesting. :)

SAP Netweaver Portal
It's a portal system which has its templates pre-2000 I guess
 EPCF: Component com.sap.portal.runtime.logon.certlogon, phlpeidpcfdmhelnjkcfbdfgneobpldk 


The why I was looking at that is we will be able to find contact information AND on our chances to get it fixed. If not we can close it as WONTFIX.

At least the domain really belongs to Goodyear.
There is an email address for the domain name dns_admin@goodyear.com

There is a contact form 

for customer assistance.

I will switch to contactready
feel free to contact them
and change the keyword to sitewait when done.
Whiteboard: [contactready]

Comment 12

2 years ago
I completed the contact form and provided information about this bug report. I'm not very optimistic that this will get fixed, but it's worth trying.
Assignee: nobody → astevenson
Whiteboard: [contactready] → [sitewait]
Priority: -- → P5
You need to log in before you can comment on or make changes to this bug.