Closed Bug 224589 Opened 21 years ago Closed 21 years ago

Browser crashes when logging on to secure web page via pop-up dialog

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
x86
Windows 98
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 222849

People

(Reporter: RWhitehouse2, Assigned: security-bugs)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6a) Gecko/20031030 Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6a) Gecko/20031030 Versions of Mozilla after 1.5a crash when trying to log in to secure web sites that use pop-up dialog to challenge for username and passwords (and optional domains). The crash will occur if entity that is requiring the username/password is displayed as a null string. For example, the login dialog will say, "Enter username and password for "" at infotropolis.saic.com", then Mozilla will crash. However, if it says, "Enter username and password for "infotropolis" at infotropolis.saic.com", then it will behave correctly (see "Expected Results", below). Reproducible: Always Steps to Reproduce: 1. Go to https://infotropolis.saic.com and/or https://issaic.saic.com 2. Enter username and password (need to prefix username with intra-company domain ("company-domain-name/username") for the Infotropolis site only). 3. Either press the Enter/Return key or click "OK" button. Actual Results: A Windows error dialog is displayed stating that Mozilla has performed an illegal operation and will be shut down. Expected Results: Mozilla should remove the login dialog and proceed with displaying the requested web page. Sites involved are accessed using a tab-set from bookmarks / home-page specification. The are three tabs in the set, two of which are these secure web pages. The third one (https://sets.saic.com) is also a secure web page, but this page is the username/password challenger itself and does not use a dialog in order to gain access first.
TB25093131Y, TB25092915Q Win98, Mozilla 1.5 Release https://infotropolis.saic.com/ crashed 1.6a Release and 1.5 Release. As 1.6a doesn´t include talkback I used 1.5 to submit talkback. Submitting an empty login box gave instant crash, DocWatson says: SECUR32.DLL Submitting random login data is ok. https://issaic.saic.com/ works for me, can´t log in, but can retry endlessly. Seems to be a dupe of: Bug 222849 crash [@SECUR32.DLL] Login (entering username and password and pressing the enter key) causes Firebird to crash. Happens on Mozilla also *** This bug has been marked as a duplicate of 222849 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Forgot to adjust the URL, please put one URL only into the URL field!
URL: https://issaic.saic.com or https://in...https://infotropolis.saic.com
Perhaps this is a duplicate, but I got a "Zarro Boogs found" message when I searched Bugzilla. Please try the Infotropolis site (https://infotropolis.saic.com). I tried a bogus username/password combination and Mozilla blew-up as before. When testing this, please be sure that the entity requiring the username/password displays as a null string ("") as I noted in the original submission. If the dialog displays a name in the double-quotes, then everything will work as expected.
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
This site definitely asks for NTLM authentication first so the initial dupe is correct imho. In order to help, can you comment within bug 222849 what SECUR32.DLL version you're using on your machine ? Do this via attachment 131139 [details] (dumpver.exe) *** This bug has been marked as a duplicate of 222849 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago21 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.