229653 - fnfismd.com - First Horizon mortgage borrowers cannot perform any mortgage account functions with non-Firefox Gecko browsers

Status: RESOLVED INVALID

(Web Compatibility :: Site Reports, defect)

Description

[corey]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007 Firebird/0.7
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007 Firebird/0.7

Note: this requires an account with First Horizon



Reproducible: Always

Steps to Reproduce:
1. Load client
2. Go to URL: https://secure.ftmortgage.com/cstsvc/customer_login.asp
3. Enter Acct Num and SSN as required;  Click "Login"



Actual Results:  
Current result: User is given a blank screen.

Viewing source on the blank page returns the following information, which
appears to have a purpose of logging into another website
(https://www.venture-encoding.com/docview/Docview.asp)

As this included my account number (!), and other various logins and passwords
that don't /seem/ to be associated with my account, I have xxxxx'ed them out
accordingly.  

 
<form name="frmVenture" method="post"
action="https://www.venture-encoding.com/docview/Docview.asp">
<input type="hidden" name="logon" value="xxxxxxxs">
<input type="hidden" name="password" value="xxxxx">
<input type="hidden" name="parentnum" value="66300z">
<input type="hidden" name="acctnum" value="xxxxxxxxxxx">
</form>

<script LANGUAGE="JavaScript" TYPE="text/javascript">
<!--
frmVenture.submit();
//-->
</SCRIPT>

As it stands now, MSIE does load the "venture-encoding.com" URL listed above,
and is redirected to the user's customer info page.  Mozilla does not seem to
get past that stage, but I suspect it's the site's fault more than it is Moz.  

Really, it seems their whole site is hacked together, but as it doesn't work in
Mozilla, I figured it'd be a prime candidate for evangelism.


Expected Results:  
Expected result: User is brought to his/her account information page.

Comment 1

[Sean Timm]

This is still a problem (with the site, not the browser).  Comment sent to site
(9/6/2004), awaiting feedback.  Same behavior seen with Mozilla build:
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8a3) Gecko/20040817

Comment 2

[chris hofmann]

one of the best references/recommendations I've found for encouraging financial institutions to support firefox is located at bankers on-line web site 

http://www.bankersonline.com/security/security_browserthreat070204.html 

It was written in 2004 during the download.ject attack, but much of it still applies today.  This is a good link to send when contacting banks.

Comment 3

[Sean Timm]

First Horizon does now support non-IE browsers.  I was able to log in with Firefox 1.5 and Windows XP.

Comment 4

[Chris Lawson (gone)]

Has anyone tried this with any Gecko browsers other than Firefox? Sean or Corey, could you please try it with Seamonkey, or with Firefox spoofing as Camino on Mac?

Comment 5

[Chris Lawson (gone)]

I'm going to confirm this because we do know it was a problem at one point. It'd be nice to know if it's still a problem for non-Firefox Gecko users, though.

Site seems to have moved to

https://carenet.fnfismd.com/firsthorizon/ACCLogin.jsp

by the way.

Comment 6

[Karl Dubost💡 :karlcow]

by virtue of time. :) Internal Server Error