Closed
Bug 119114
Opened 21 years ago
Closed 16 years ago
logging into hotmail: 6 dialogs
Categories
(Core :: Security, defect)
Core
Security
Tracking
()
RESOLVED
FIXED
People
(Reporter: jruderman, Assigned: dveditz)
References
Details
(Keywords: meta)
Logging into Hotmail with a new profile yields 5 or 6 dialogs. My dad, who tried to use his Hotmail account shortly after I installed Mozilla on his computer, was not impressed. These are the dialogs: 1. Confirm: "Password manager can remember this logon and enter it automatically the next time you return to this website. Do you want password manager to remember this logon?" [Yes] [No] [Never for this site] 2. If I select 'yes', I get another dialog explaining how password storage works. (Bug 43503) [OK] 3. Security Warning: "The information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?" (Note that #3 is really an https form in an http page. Bug 96556 covers the inaccurate warning.) [Continue] [Cancel]. 4. Security Warning (!): "You have requested an encrypted page. The web site has identified itself correctly, and information you see or enter on this page can't easily be read by a third party." [OK] 5. Security Warning: "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?" [Continue] [Cancel] 6. Security Warning: "You are about to leave an encrypted page. Information you send or receive from now on could easily be read by a third party." [OK] While most of these dialogs are one-time or can be "unchecked" easily, #5 never goes away, so the user will see it each time he logs into Hotmail. Sub-bugs: bug 43503 Remove dialog #2 [cf Steve Morse's comment, bug 44042 comment 3 and again in bug 43503 comment 1] bug 96556 Fix inaccuracy in #3 bug 119111 Make #4 less confusing bug 119112 Make #4, #5, and #6 not appear in the fast-redirect case. If the last bug can't be fixed, we'll have to evang microsoft to use a different login procedure (which will be especially difficult given that hotmail == passport == .net). Fixing the four sub-bugs would leave us with #1 (usually shown once per site) and a modified #3 (usually already "unchecked").
Reporter | ||
Updated•21 years ago
|
Comment 1•21 years ago
|
||
The people you should have cc'd on this report are Bob Lord's security team since they are responsible for the bulk of these dialogs -- namely 3, 4, 5, and 6.
Comment 2•21 years ago
|
||
For the record, there have been several bug reports about the CYA dialog for saving sensitive information. Here is a cross-reference list of them: 043503: Bad UI in "Saving Sensitive Information" dialog 102288: Wordings for password manager are specific to the application 117552: opening Site with PW opens annoyance window 117989: Save password shows alert that is vague 119114: logging into hotmail: 6 dialogs
Comment 3•21 years ago
|
||
Noticed this as well. I installed the latest Mozilla build on this fresh Win2000 install and I went to Hotmail, I didn't know whether to laugh or cry. Being swamped with so many confirmation dialogs was definately not fun.
Comment 4•20 years ago
|
||
It will be interesting to hear if customers using embedded browsers have to say also. I find the security warnings very confusing (particularly as many/most web mail services mix secure and insecure content on a page so the warning about content being read by anyone is very scary.) I believe these warnings are turned off by default in IE.
mls: please help.
Assignee: mpt → mstoltz
Component: User Interface Design → Security: General
QA Contact: zach → bsharma
Comment 7•20 years ago
|
||
What about having one single dialog for security issues with the option 'Show me again'?
Comment 8•20 years ago
|
||
Just logged in to netscape web mail. Got one popup informing and 4 popup with warnings. 5 popups for just logging in to a web mail, scary!
OS: Windows 98 → All
Hardware: PC → All
Comment 10•19 years ago
|
||
The new 1.4 Build will not allow me to access my hotmail account
Comment 11•19 years ago
|
||
I'm fine with 2004010908. Reporter, are you still seeing this problem?
Reporter | ||
Updated•17 years ago
|
Assignee: security-bugs → dveditz
QA Contact: bsharma → toolkit
Reporter | ||
Comment 12•16 years ago
|
||
I only get two dialogs with Firefox trunk and a new profile: entering an encrypted page and leaving an encrypted page. Both dialogs are one-time by default. Are there plans to remove or disable those dialogs? I don't think they're useful.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•