Closed Bug 27104 Opened 25 years ago Closed 25 years ago

[feature] No warning when sending insecure form data

Categories

(Core Graveyard :: Security: UI, defect, P3)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Platform:
x86
Windows 95
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: junruh, Assigned: dougt)

References

(
URL
)

Details

Overview Description: No warning when sending insecure form data Steps to Reproduce: 1) Visit https://junruh.mcom.com/mix.html 2) Click on the form submit button Actual Results: The userAgent string is displayed. Expected Results: A warning "Warning! Although this document is secure, the information you have submitted is insecure and could be observed by a third party while in transit. If you are submitting passwords, credit card numbers, or other information you would like to keep private, it would be safer for you to cancel the submission.", plus the userAgent string is shown. Build Date & Platform Bug Found: 2/9/00
Blocks: 13785
Target Milestone: M15
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
Dupe of 26336. *** This bug has been marked as a duplicate of 26336 ***
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
Verified duplicate.
Status: RESOLVED → VERIFIED
Reopening. The original problem of lack of a warning is still there.
Status: VERIFIED → REOPENED
Resolution: DUPLICATE → ---
Summary: No warning when sending insecure form data → [feature] No warning when sending insecure form data
Depends on: 33203
Component: Security: General → Security: Crypto
Fixed. This appears to be working in today's commercial build.
Status: REOPENED → RESOLVED
Closed: 25 years ago25 years ago
No longer depends on: 33203
Resolution: --- → FIXED
odd. I did not add this support. reopening.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Depends on: 34345
Depends on: 33203
No longer depends on: 34345
blocked by 33203, plus will need to do some work once unblocked. moving to m16
Target Milestone: M15 → M16
Note that there are two types of warnings in use with Nova, depending on whether or not the form is submitted from a secure or insecure site. See the wording used with Nova at https://junruh/frames.html.
fix checked in. Marking fixed.
Status: REOPENED → RESOLVED
Closed: 25 years ago25 years ago
Resolution: --- → FIXED
The fix didn't make it into the 4000042508 build.
The fix may have made it in, but works inconsistently. It seems to work with https://junruh/mix.html, but not http://junruh/mix.html. It does not work at all on https://junruh/frames.html.
https://junruh/frames.html doesn't have any form posting. the http link is already insecure, so should I even post a warning?
Doug, go to https://junruh/frames.html with Nova, with or without PSM. Make sure the 4 security warning check boxes are checked in Security Advisor. Notice that all four form submit buttons give you a warning, and a different warning for each frame from which the form was submitted - secure or insecure. That is the behavior that I am expecting in Seamonkey.
Verified. The original bug is fixed. Opening http://bugzilla.mozilla.org/show_bug.cgi?id=37155
Status: RESOLVED → VERIFIED
Oh, your right. please open up a new bug about posting from an insecure page.
No longer blocks: 13785
Mass changing Security:Crypto to PSM
Component: Security: Crypto → Client Library
Product: Browser → PSM
Target Milestone: M16 → ---
Version: other → 2.1
Mass changing Security:Crypto to PSM
Product: PSM → Core
Version: psm2.1 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.