Closed Bug 225794 Opened 21 years ago Closed 21 years ago

Crash after username/password login dialogue in MS webmail

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
x86
Windows 98
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 222849

People

(Reporter: lizal, Assigned: security-bugs)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.5) Gecko/20031007 Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.5) Gecko/20031007 Crash occurs after "username/password login" dialogue in MS webmail interface. Reproducible: Always Steps to Reproduce: 1.Accept security certificate 2.Fill in login dialogue window 3.Click "OK" -> Crash Actual Results: Crash Expected Results: Login to the webmail server The crash occured after "updating" the w98. Ocuurs for versions of Mozilla: 1.5rc2, 1.5final, 1.6 alpha Talback ID: TB25616704E No problems with IE5.5 or NN4.x versions.
No problems with Win XP (Moz 1.5-final); crash is only Win98SE.
i don't see anything security sensitive about this bug report. reporter: is there something in this bug report that you don't want to have publicized? what are your reasons for filing a security sensitive bug report? also, could you please try a build from ftp://ftp.mozilla.org/pub/mozilla.org/mozilla/nightly/latest-trunk/ preferrably one of the more recent WIN32 builds. mozilla-win32-installer.exe is usually up-to-date. if that continues to crash, can you please provide a HTTP log? steps to do so can be found here: http://www.mozilla.org/projects/netlib/http/http-debugging.html thanks!!
The reson for security bug were that 1. the dialogue form before crash contasined both username and password 2. the crash ocurred in "secur32.dll" library (i.e., just beofre the secured transaction begins). 3. I just wanted to be sure that both username and password do not appear in "wild" while tracing the bug stack... (It happened to me with other bug in the past- real names and addresses were disclosed)
>1. the dialogue form before crash contasined both username and password this bug does not seem to contain that username/password... anyway, secur32.dll sounds like NTLM. darin, does that mean your ntlm patch fixed this?
indeed. this sounds like a duplicate of bug 222849. *** This bug has been marked as a duplicate of 222849 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
opening up this bug report. there is nothing sensitive here. the talkback data is currently in the hands of AOL, and i don't think anyone will be posting talkback data here.
Group: security
You need to log in before you can comment on or make changes to this bug.