Get Yahoo OAuth login popups from casalemedia.com when I try to download my email from Yahoo / bellsouth.net
Categories
(Thunderbird :: General, defect)
Tracking
(Not tracked)
People
(Reporter: benjamin_klein, Unassigned)
References
()
Details
(Whiteboard: [support])
Attachments
(4 files)
I tried to add 3 JPG files. These are examples of the popups I get
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.81 Safari/537.36
Steps to reproduce:
I click on get messages. Click on my Yahoo account or my AT&T account and I get popups for websites wanting me to logon to the website using my Yahoo user id and password
Actual results:
The popups want me to log on to the website using my Yahoo user id and password. When I x-out the first popup I get a second popup.
Logged on one time to a website. Got a message from yahoo that I had used my Yahoo id to log onto a third-party website. Changed my password on Yahoo and in TB. I also get an authentication failure.
Note: I included the authentication failure, and 3 popups as a sample of what I get.
Expected results:
My message should have been downloaded from Yahoo into TB
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
AT&T/Yahoo supports "OAUTH2. The suggested solution mentions the same thing. Sorry, that is not the solution to my issue.
It is rather difficult to comment. I have no intention of downloading a Microsoft word document, given their propensity to contain virus and malware and your suggestion you have something infecting you.
Perhaps try actually posting the images directly to the attachments. At this point there is nothing here to look at beyond you claim in the description.
If the issue is caused by a poisoned DNS, ensuring that the settings "enable DNS over HTTPs" is enabled in settings (search DNS in settings) should remove the deliberately poisoned one ATT use for their Yahoo mail mess. If it is enabled turn it off and restart just to ensure nothing changes.
|
||
Comment 5•3 years ago
|
||
Reporter's screenshots from comment 0:
- Authentication failure while connecting to server imap.mail.yahoo.com, and
- 2x what looks like OAuth prompts but with strange domain (casalemedia.com)
|
|
||
Comment 6•3 years ago
|
||
(In reply to Ben klein from comment #1)
AT&T/Yahoo supports "OAUTH2. The suggested solution mentions the same thing. Sorry, that is not the solution to my issue.
This looks much like a support issue.
Along Matt's comment 3 ("poisoned DNS"), I'm also confused about the strange servername (casalemedia.net) on what looks like OAuth prompt.
Hey Ben, we know nothing here about what you call "suggested solution".
- Pls clarify.
- Have you tried using Thunderbird support ?
- If yes, can you link the support thread?
|
|
||
Comment 7•3 years ago
•
|
||
|
|
||
Comment 8•3 years ago
|
||
Sorry for the noise, blame it on Yahoo which always brings support trouble.
Here's the needinfo which I forgot before...
|
|
||
Comment 9•3 years ago
|
||
(In reply to Matt from comment #3)
If the issue is caused by a poisoned DNS, ensuring that the settings "enable DNS over HTTPs" is enabled in settings (search DNS in settings) should remove the deliberately poisoned one ATT use for their Yahoo mail mess. If it is enabled turn it off and restart just to ensure nothing changes.
Wayne, is this something which should be mentioned in support articles if it isn't already?
|
Reporter | |
Comment 10•3 years ago
|
||
Reply to item 6: The name of the bug report has been changed twice since I entered it. Some of the original entries have disappeared. Re. the original solution was an article in Bugzilla that indicated that AT&T/Thunderbird did not support OAuth2. That may have been true at one point, but that is no longer the case. At the end of the article, it indicates that AT&T/Thunderbird did support OAuth2. Sorry not sure what you mean by TB support. Aren't most of the entries/comments from TB support?
Reply to items 7&8: I enable DNS over HTTPS. Made the change restarted my PC and brought up TB the same thing happened. Made no difference.
|
||
Comment 11•3 years ago
|
||
(In reply to Ben klein from comment #10)
Reply to item 6: The name of the bug report has been changed twice since I entered it. Some of the original entries have disappeared. Re. the original solution was an article in Bugzilla that indicated that AT&T/Thunderbird did not support OAuth2.
ATT don't have an oauth secret, so Thunderbird can not authenticate to ATT provided mail servers.
Because the arrangement ATT use involves them deliberately poisoning their DNS so their users get different mail pages that normal Internet users even providing support for them is difficult. Fortunately the cloudflare DNS over HTTPs is not poisoned and using that what support folk see and what5 ATT customers see is the same thing.
oAuth can be made to work with ATT by substituting the Yahoo advertised mail servers for those ATT advertise. The complete ATT email address is used as the username. But all of that is irrelevant in this bug. I have filed a number of related bugs over the past 5 years on this issue of ATT and Yahoo and the mess ATT have made.
Bug 1698316 is about the fact oAuth is not available to ATT customers without workarounds.
Bug 1591782 is about offering users a chance to set an oAUth provider in the account settings rather than mess with workarounds like substituting server names for those advertised by the provider.
Reply to items 7&8: I enable DNS over HTTPS. Made the change restarted my PC and brought up TB the same thing happened. Made no difference.
Just complete the login, and it will stop asking you to log in, is the reporting I have from support. Have you noticed you are not getting any email from Yahoo while we ponder your assertions? My assumption is Yahoo are attempting to monetise mail clients. What we can do about that I have no idea. Probably nothing until they start opening additional pop up windows, beyond the OAuth one that is which is a web page. Certainly, the server mentioned in the redirect is the one Yahoo use to identify you as an individual to sell advertising (ups.analytics.yahoo.com). In this yahoo program https://documentation.help.yahooinc.com/platform/SSP/Buyers/Enhancing-the-Partnership/Unified-User-Matching-for-Yahoo-SSP.htm
See https://support.mozilla.org/en-US/questions/1372545#answer-1525607 for related support topic.
|
|
||
Comment 12•3 years ago
|
||
Thanks, Matt, for that information.
I don't see that there is something actionable here.
Description
•