Crash after username/password login dialogue in MS webmail

RESOLVED DUPLICATE of bug 222849

Status

()

Core
Security
--
critical
RESOLVED DUPLICATE of bug 222849
15 years ago
15 years ago

People

(Reporter: Mirek, Assigned: Mitchell Stoltz (not reading bugmail))

Tracking

Trunk
x86
Windows 98
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.5) Gecko/20031007
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.5) Gecko/20031007

Crash occurs after "username/password login" dialogue in MS webmail interface.

Reproducible: Always

Steps to Reproduce:
1.Accept security certificate
2.Fill in login dialogue window
3.Click "OK" -> Crash

Actual Results:  
Crash

Expected Results:  
Login to the webmail server

The crash occured after "updating" the w98. Ocuurs for versions of Mozilla:
1.5rc2, 1.5final, 1.6 alpha

Talback ID: TB25616704E

No problems with IE5.5 or NN4.x versions.
(Reporter)

Comment 1

15 years ago
No problems with Win XP (Moz 1.5-final); crash is only Win98SE.

Comment 2

15 years ago
i don't see anything security sensitive about this bug report.  reporter: is
there something in this bug report that you don't want to have publicized?  what
are your reasons for filing a security sensitive bug report?

also, could you please try a build from

  ftp://ftp.mozilla.org/pub/mozilla.org/mozilla/nightly/latest-trunk/

preferrably one of the more recent WIN32 builds.  mozilla-win32-installer.exe is
usually up-to-date.

if that continues to crash, can you please provide a HTTP log?  steps to do so
can be found here:

  http://www.mozilla.org/projects/netlib/http/http-debugging.html

thanks!!
(Reporter)

Comment 3

15 years ago
The reson for security bug were that 
1. the dialogue form before crash contasined both username and password
2. the crash ocurred in "secur32.dll" library
(i.e., just beofre the secured transaction begins).
3. I just wanted to be sure that both username and password do not appear in
"wild" while tracing the bug stack...
(It happened to me with other bug in the past- real names and addresses were
disclosed)
>1. the dialogue form before crash contasined both username and password

this bug does not seem to contain that username/password...

anyway, secur32.dll sounds like NTLM. darin, does that mean your ntlm patch
fixed this?

Comment 5

15 years ago
indeed.  this sounds like a duplicate of bug 222849.

*** This bug has been marked as a duplicate of 222849 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE

Comment 6

15 years ago
opening up this bug report.  there is nothing sensitive here.  the talkback data
is currently in the hands of AOL, and i don't think anyone will be posting
talkback data here.
Group: security
You need to log in before you can comment on or make changes to this bug.