Closed
Bug 119114
Opened 23 years ago
Closed 18 years ago
logging into hotmail: 6 dialogs
Categories
(Core :: Security, defect)
Core
Security
Tracking
()
RESOLVED
FIXED
People
(Reporter: jruderman, Assigned: dveditz)
References
Details
(Keywords: meta)
Logging into Hotmail with a new profile yields 5 or 6 dialogs. My dad, who
tried to use his Hotmail account shortly after I installed Mozilla on his
computer, was not impressed. These are the dialogs:
1. Confirm: "Password manager can remember this logon and enter it
automatically the next time you return to this website. Do you want password
manager to remember this logon?"
[Yes] [No] [Never for this site]
2. If I select 'yes', I get another dialog explaining how password storage
works. (Bug 43503)
[OK]
3. Security Warning: "The information you have entered is to be sent over an
unencrypted connection and could easily be read by a third party. Are you sure
you want to continue sending this information?" (Note that #3 is really an
https form in an http page. Bug 96556 covers the inaccurate warning.)
[Continue] [Cancel].
4. Security Warning (!): "You have requested an encrypted page. The web site
has identified itself correctly, and information you see or enter on this page
can't easily be read by a third party."
[OK]
5. Security Warning: "Although this page is encrypted, the information you have
entered is to be sent over an unencrypted connection and could easily be read
by a third party. Are you sure you want to continue sending this information?"
[Continue] [Cancel]
6. Security Warning: "You are about to leave an encrypted page. Information
you send or receive from now on could easily be read by a third party."
[OK]
While most of these dialogs are one-time or can be "unchecked" easily, #5 never
goes away, so the user will see it each time he logs into Hotmail.
Sub-bugs:
bug 43503 Remove dialog #2
[cf Steve Morse's comment, bug 44042 comment 3 and again in bug 43503 comment
1]
bug 96556 Fix inaccuracy in #3
bug 119111 Make #4 less confusing
bug 119112 Make #4, #5, and #6 not appear in the fast-redirect case.
If the last bug can't be fixed, we'll have to evang microsoft to use a
different login procedure (which will be especially difficult given that
hotmail == passport == .net).
Fixing the four sub-bugs would leave us with #1 (usually shown once per site)
and a modified #3 (usually already "unchecked").
|
Reporter | |
Updated•23 years ago
|
|
||
Comment 1•23 years ago
|
||
The people you should have cc'd on this report are Bob Lord's security team
since they are responsible for the bulk of these dialogs -- namely 3, 4, 5, and
6.
|
|
||
Comment 2•23 years ago
|
||
For the record, there have been several bug reports about the CYA dialog for
saving sensitive information. Here is a cross-reference list of them:
043503: Bad UI in "Saving Sensitive Information" dialog
102288: Wordings for password manager are specific to the application
117552: opening Site with PW opens annoyance window
117989: Save password shows alert that is vague
119114: logging into hotmail: 6 dialogs
|
||
Comment 3•23 years ago
|
||
Noticed this as well. I installed the latest Mozilla build on this fresh Win2000
install and I went to Hotmail, I didn't know whether to laugh or cry. Being
swamped with so many confirmation dialogs was definately not fun.
|
||
Comment 4•23 years ago
|
||
It will be interesting to hear if customers using embedded browsers have to say
also. I find the security warnings very confusing (particularly as many/most web
mail services mix secure and insecure content on a page so the warning about
content being read by anyone is very scary.)
I believe these warnings are turned off by default in IE.
mls: please help.
Assignee: mpt → mstoltz
Component: User Interface Design → Security: General
QA Contact: zach → bsharma
|
||
Comment 7•22 years ago
|
||
What about having one single dialog for security issues with the option 'Show me
again'?
|
||
Comment 8•22 years ago
|
||
Just logged in to netscape web mail. Got one popup informing and 4 popup with
warnings. 5 popups for just logging in to a web mail, scary!
OS: Windows 98 → All
Hardware: PC → All
|
||
Comment 10•21 years ago
|
||
The new 1.4 Build will not allow me to access my hotmail account
|
||
Comment 11•21 years ago
|
||
I'm fine with 2004010908. Reporter, are you still seeing this problem?
|
|
Reporter | |
Updated•19 years ago
|
Assignee: security-bugs → dveditz
QA Contact: bsharma → toolkit
|
|
Reporter | |
Comment 12•18 years ago
|
||
I only get two dialogs with Firefox trunk and a new profile: entering an encrypted page and leaving an encrypted page. Both dialogs are one-time by default.
Are there plans to remove or disable those dialogs? I don't think they're useful.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•