User-Agent: Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040124 Postbank, one of the largest Dutch banks, uses a Java-applet for security at logon on their internet banking application. It seems it is used for encryption. Reproducible: Always Steps to Reproduce: 1. Go to https://www.p3.postbank.nl/sesam/SesamLoginServlet 2. Fill in anything in 'Gebruikersnaam' (=username) 3. Fill in anything in 'Wachtwoord' (=password) 4. Hit <Enter> Actual Results: If the applet failed to load, you'll get a pop-up saying something like this: "Inloggen Mijn Postbank.nl U kunt niet inloggen op Mijn Postbank.nl Om gebruik te maken van Mijn Postbank.nl, moet u beschikken over: – Windows 95, 98, ME, 2000, NT en XP in combinatie met Internet Explorer 4.01 of hoger of MAC OS 10 in combinatie met Netscape 7.0. [...]" Expected Results: In case the applet is loaded, you'll probably will get some error message on the same page, or get logged on if you managed to enter a correct combination of user-id and password. The applet is loaded using the following code: <applet code="CA.class" codebase="/sesam" name="CryptoApplet" id="CryptoApplet" archive="ca.jar" align="bottom" width="0" height="0" id="CryptoApplet"> <param name="CABBASE" value="ca.cab"> </applet> Apparently, there is an option to use ActiveX as well, but obviously, that is not something a Linux user needs. Strange thing is that it seems to work with some distro's (i.e. Red Hat 9, Moz 1.2.1 and Sun Java 1.4.2), but on my Fedora Core 1 box, it has never worked, no matter which version or vendor i use for the Java plugin. From this thread at Webwereld.nl ( http://webwereld.nl/nieuws/reactie_compleet.phtml?id=17697 ) i gather i'm not the only one, though. <speculation>I think it has something to do with the plugin size being zero height and zero width, but i can imagine the applet is supposed to be invisible.</speculation> The only workaround i found, is using Opera. Now, that's not what we want, is it?
Created attachment 140972 [details] Pop-up window Attachment shows the pop-up window one gets when trying to log on when the applet is not loaded.
WFM Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040206 Firefox/0.8 Java Plug-in 1.5.0 After a couple of seconds, I get a java security dialog. After I accept that, the page seems to work fine, with an error message at the top saying that my username/pass is incorrect.
I tried to compare the behavior of Mozilla in Fedora to that in RedHat 9, using the Java Console. When the trace level is set to 5, in RedHat, at loading the page, the console starts printing stuff like: Trace level set to 5: basic, net, security, ext, liveconnect ... completed. setWindow: call before applet exists:37750421 Referencing classloader: sun.plugin.ClassLoaderInfo@e2291, refcount=1 Loading applet ... Initializing applet ... Starting applet ... Connecting https://www.p3.postbank.nl/sesam/ca.jar with no proxy Connecting https://www.p3.postbank.nl/sesam/ca.jar with cookie "AppletType=java; ns_cookietest=true; ns_session=true; ACSpeed=42055; sesessionid=0002E0NCRXABTNVY3XO2NXKZ0DQ" Loading Root CA certificates from /usr/lib/jvm/java-1.4.2-sun-1.4.2.01/jre/lib/security/cacerts [...] Whereas with Fedora, also with trace level set to 5, the console prints _nothing at all_: Trace level set to 5: basic, net, security, ext, liveconnect ... completed. <nothing> So it seems the browser doesn't even attempt to load the applet. (Before anyone asks: Java(TM) Plug-in 1.4.2_02-b03 File name: libjavaplugin_oji.so Java(TM) Plug-in 1.4.2_02 )
One of the differences between my RedHat-box and Fedora turned out to be the java-vm version. On the first one 1.4.2_01-b06 is installed, on the latter it was 1.4.2_02-b03. So i de-installed 1.4.2_02-b03, and installed 1.4.2_01-b06. And now it works. Still, it should work on the others as well.
(In reply to comment #4) > One of the differences between my RedHat-box and Fedora turned out to be the > java-vm version. On the first one 1.4.2_01-b06 is installed, on the latter it > was 1.4.2_02-b03. So i de-installed 1.4.2_02-b03, and installed 1.4.2_01-b06. > And now it works. I tested a number of different java versions with Firebird 0.7, and 1.4.2_01-b06 seems to be the last version that works: 1.4.2-b28 OK 1.4.2_01-b06 OK 1.4.2_02-b03 NOK 1.4.2_03-b02 NOK 1.5.0-beta-b32c NOK
(In reply to comment #0) > <speculation>I think it has something to do with the plugin size being zero > height and zero width, but i can imagine the applet is supposed to be > invisible.</speculation> I think you are correct. I used a proxy script that changes width="0" height="0" id="CryptoApplet" into: width="1" height="1" id="CryptoApplet" and now the newer plugin version work as well! So, at least we have a workaround for the Postbank. When I look through the release notes of 1.4.2_02 at: http://java.sun.com/j2se/1.4.2/ReleaseNotes.html#PriorRels there is one bug fix that is related to the applet size: 4798569 Mozilla cannot correctly display Java applet with relative "width" attribute. Perhaps the current problem was introduced in that fix?
Yep. I stumbled upon that bug earlier today. More details at http://developer.java.sun.com/developer/bugParade/bugs/4798569.html Here's a quote: "* Whether it is legal to call SetWindow with 0 width and 0 height" Another: "Since AWT does not allow width/height to be 0, we will add this restriction to JPI code to filter that." So basically, the bug was fixed by prohibiting zero sized applets. In other words: an applet cannot be invisible anymore...
(In reply to comment #7) > So basically, the bug was fixed by prohibiting zero sized applets. In other > words: an applet cannot be invisible anymore... The funny thing is that the previous online banking system of the Postbank (Girotel Online, https://gto.postbank.nl/), uses a size of 2x2: <applet NAME="g3" CODE="PBGN.class" WIDTH="2" HEIGHT="2" ALIGN="BOTTOM" ARCHIVE="PBGN.jar">
For the zero-size applet, please see bug 188454 comment 10.
This is not a Mozilla problem, so setting Product to Tech Evangelism.
Status: UNCONFIRMED → NEW
Component: Java: OJI → Dutch
Ever confirmed: true
Product: Browser → Tech Evangelism
Hardware: PC → All
Version: Trunk → unspecified
Kyle, do you still wish to be the assignee for this bug? Otherwise feel free to change assignment to firstname.lastname@example.org.
Actually, I don't think this belongs to Tech Evangelism. This is a regression of mozilla and/or Java plugin. Zero-size applet should be supported and we are trying to figure out a way to do that right now.
Component: Dutch → Java: OJI
Product: Tech Evangelism → Browser
Version: unspecified → Trunk
Would appreciate it if this bug could be nominated for 1.0, as this affects a huge amount of Dutch Mozilla/Firefox users.
> Would appreciate it if this bug could be nominated for 1.0, as this affects a > huge amount of Dutch Mozilla/Firefox users. This is not a mozilla/firefox bug. It has already been fixed in jre 1.5.
Moreover, Postbank changed the applet size a while ago into 1x1. So it's fixed at all sides now.
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → FIXED
> Zero-size applet should be supported and we are > trying to figure out a way to do that right now. > This is not a mozilla/firefox bug. It has already > been fixed in jre 1.5. Confusing over whether this is Mozilla or Evangelism. In any case, no bug/patch has been referenced here as something (from a Mozilla standpoint) that caused things to work again. If it really WAS just fixed by the Web site this should be moved back to Evangelism again... ->WORKSFORME
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Status: REOPENED → RESOLVED
Last Resolved: 14 years ago → 14 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.