p.fleetonlinesolutions.com supports Export suites, is POODLE vulnerable

Status: ASSIGNED
Priority: P5, Severity: normal
Opened 4 years ago, updated 10 months ago
People: (Reporter: gustavo, Assigned: adamopenweb, NeedInfo)
Firefox Tracking Flags: (Not tracked)
Details: (Whiteboard: [sitewait])
Attachments: (3 attachments)
(Reporter)

Description

4 years ago
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0
Build ID: 20141013200257

Steps to reproduce:

1. Go to: https://p.fleetonlinesolutions.com/
2. Login with your creds
3. Verify that the site doesn't render properly (content misformatted)


Actual results:

The site doesn't render properly - the content is misformatted. Tables and menus are unusable.


Expected results:

The site should render properly.
(Reporter)

Comment 1

4 years ago
I used the excellent mozregression tool and got this result:

16:36.38 LOG: MainThread Bisector INFO Last good revision: 40a228f74389 (2013-04-05)
16:36.38 LOG: MainThread Bisector INFO First bad revision: 768af8d8fad4 (2013-04-06)
16:36.38 LOG: MainThread Bisector INFO Pushlog:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=40a228f74389&tochange=768af8d8fad4
(Reporter)

Comment 2

4 years ago
Created attachment 8533691 [details]
goodyear-bad.png

Bad rendering on recent versions of Firefox.
(Reporter)

Comment 3

4 years ago
Created attachment 8533692 [details]
goodyear-good.png

OK rendering on old versions of Firefox.
(Reporter)

Comment 4

4 years ago
I found during the bisection that in some versions Firefox would pop up this message:

"Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?"

so I wonder if this is security related.

I'm attaching an archive with the html/css/js content.
(Reporter)

Comment 5

4 years ago
I got it:

https://bugzilla.mozilla.org/show_bug.cgi?id=834836

security.mixed_content.block_active_content was set to true by default -> therefore this web portal stopped working.
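
Added example (not part of the bug thread or the portal's code): a Python audit of an HTTPS page's markup for the `http://` references discussed in comments 4 and 5, separating active loads (which the pref above blocks) from passive ones and from forms that post over plain HTTP. The `portal.example` URLs and markup are constructed sample input, and the tag tables are a simplified subset of Firefox's classification, assumed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Simplified subset of Firefox's classification (an assumption of this example).
ACTIVE = {"script": "src", "iframe": "src", "frame": "src", "object": "data"}
PASSIVE = {"img": "src", "audio": "src", "video": "src"}

class MixedContentAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (category, tag, absolute URL)

    def _check(self, category, tag, value):
        if not value:
            return
        # Relative and scheme-relative references inherit the page's scheme.
        url = urljoin(self.page_url, value.strip())
        if urlparse(url).scheme == "http":
            self.findings.append((category, tag, url))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ACTIVE:
            self._check("active", tag, a.get(ACTIVE[tag]))
        elif tag in PASSIVE:
            self._check("passive", tag, a.get(PASSIVE[tag]))
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            self._check("active", tag, a.get("href"))
        elif tag == "form":  # the insecure-submit prompt quoted in comment 4
            self._check("form", tag, a.get("action"))

def audit(page_url, html):
    parser = MixedContentAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; hosts and paths are placeholders.
SAMPLE_URL = "https://portal.example/irj/portal"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://portal.example/themes/std.css">
<script src="/irj/js/epcf.js"></script>
<script src="http://portal.example/irj/js/menu.js"></script>
</head><body><img src="http://portal.example/logo.png">
<form action="http://portal.example/logon" method="post"></form>
<iframe src="//portal.example/content"></iframe></body></html>"""

if __name__ == "__main__":
    for category, tag, url in audit(SAMPLE_URL, SAMPLE_HTML):
        print(f"{category:8} <{tag}> {url}")
```
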
(Reporter)

Comment 6

4 years ago
I will report this to the website owner. The information on this bug will help other users of the same portal technology.

Comment 7

4 years ago
Created attachment 8537120 [details]
Secure Connection Failed error

bugday-20141216 : Secure Connection Failed Error occurs for https://p.fleetonlinesolutions.com/ on Firefox.
Flags: needinfo?(pratyasmitamishra)
(Reporter)

Comment 8

4 years ago
@pratyasmitamishra@gmail.com

That website has yet another problem, which is the SSL version that is considered to be unsafe and no longer accepted by default from Firefox 34 on!

So, to even reach the login screen one must set

security.tls.version.min -> 0
Component: Untriaged → Security: PSM
Product: Firefox → Core

That site has a huge list of things wrong with it: https://www.ssllabs.com/ssltest/analyze.html?d=p.fleetonlinesolutions.com (one of which is it only uses SSL 3.0, which is not secure)

Blocks: 1085138
Component: Security: PSM → Desktop
Product: Core → Tech Evangelism
Version: 33 Branch → unspecified
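
Added example (not from the bug thread or from SSL Labs): the two findings in this bug's summary, a server that settles on SSL 3.0 and one that picks an export suite, can be read directly from the ServerHello it returns. The Python below parses one ServerHello record and flags both; the records are constructed by `build_sample` (a helper made up for this example), and the suite table is a subset of the export suites in RFC 2246.

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
# Subset of the export-grade (40-bit) suites defined in RFC 2246.
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def parse_server_hello(record: bytes):
    """Return (version, cipher_suite) from one TLS record holding a ServerHello."""
    if len(record) < 9:
        raise ValueError("truncated record")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) < 4 or body[0] != 2:
        raise ValueError("not a handshake record carrying a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hello[:2])[0]
    offset = 35 + hello[34]  # skip version (2), random (32), session_id
    if len(hello) < offset + 3:
        raise ValueError("truncated ServerHello")
    return version, struct.unpack("!H", hello[offset:offset + 2])[0]

def assess(record: bytes):
    version, suite = parse_server_hello(record)
    issues = []
    if version == 0x0300:
        issues.append("server selected SSL 3.0")
    if suite in EXPORT_SUITES:
        issues.append("server selected export suite " + EXPORT_SUITES[suite])
    return VERSIONS.get(version, hex(version)), issues

def build_sample(version: int, suite: int) -> bytes:
    """Constructed ServerHello: zero random, empty session_id, null compression."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, version, len(handshake)) + handshake

if __name__ == "__main__":
    print(assess(build_sample(0x0300, 0x0003)))
    print(assess(build_sample(0x0303, 0x002F)))
```
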

Comment 10

4 years ago
Morphing this bug to be specific to https://p.fleetonlinesolutions.com, because so far all comments have been specific to this site.

Regardless, the site now supports TLS 1.0 (but still has other issues).
No longer blocks: 1085138
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Hardware: x86_64 → All
Summary: Goodyear Portal based on SAP Netweaver doesn't render → p.fleetonlinesolutions.com supports Export suites, is POODLE vulnerable

https://www.ssllabs.com/ssltest/analyze.html?d=p.fleetonlinesolutions.com
Still a lot of issues.

The markup of this page is… interesting. :)


SAP Netweaver Portal
It's a portal system which has its templates pre-2000 I guess
 EPCF: Component com.sap.portal.runtime.logon.certlogon, phlpeidpcfdmhelnjkcfbdfgneobpldk 

/irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/FOS_com_goodyear/prtl_std/prtl_std_nn7.css?7.2.11.0.2

The reason I was looking at that is that we will be able to find contact information AND gauge our chances of getting it fixed. If not we can close it as WONTFIX.

At least the domain really belongs to Goodyear.
There is an email address for the domain name dns_admin@goodyear.com

There is a contact form 
https://corporate.goodyear.com/en-US/about/contact-goodyear-corporate.html

for customer assistance.

I will switch to contactready; feel free to contact them and change the keyword to sitewait when done.
Whiteboard: [contactready]
(Assignee)

Comment 12

2 years ago
I completed the contact form and provided information about this bug report. I'm not very optimistic that this will get fixed, but it's worth trying.
Assignee: nobody → astevenson
Status: NEW → ASSIGNED
Whiteboard: [contactready] → [sitewait]
Priority: -- → P5