Closed Bug 293634 Opened 19 years ago Closed 6 years ago

mybank.icbc.com.cn - form input password activeX plug-in required

Categories

(Web Compatibility :: Site Reports, defect, P3)

defect

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: supermxb, Assigned: yliu)

References

()

Details

(Whiteboard: [country-cn] [serversniff] [sitewait])

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon; .NET CLR 1.1.4322)
Build Identifier: Mozilla/5.0

There is a form in this page,which have a line to input password. There is no 
problem if you use IE. But if use firefox ,this input field disappeared . I 
think it is not downloading plus-in of this page when enter password. 

Reproducible: Always

Steps to Reproduce:
1.open firefox 
2.enter https://mybank.icbc.com.cn/icbc/perbank/index.jsp 
3.

Actual Results:  
I could not enter password after  enter username,because the input field  of 
password do not display.

Expected Results:  
I can enter password and visit that website.
Keywords: coverity
Version: unspecified → 1.0 Branch
Firefox doesn't support ActiveX, required by this page. Not a security problem
(in fact quite the opposite).

-->Tech Evangelism
Assignee: nobody → chinese-simplified
Group: security
Status: UNCONFIRMED → NEW
Component: Tabbed Browser → Chinese-Simplified
Ever confirmed: true
Keywords: coverity
Product: Firefox → Tech Evangelism
QA Contact: tabbed.browser → chinese-simplified
Summary: form input password plus-in → [mybank.icbc.com.cn]form input password activeX plug-in required
Version: 1.0 Branch → unspecified
Blocks: 124594
Is this still a problem? It appears to be, which means all Mac users are out in the cold as well.
OS: Windows XP → All
Hardware: PC → All
Summary: [mybank.icbc.com.cn]form input password activeX plug-in required → mybank.icbc.com.cn - form input password activeX plug-in required
Going to https://mybank.icbc.com.cn/icbc/perbank/index.jsp 
Now displays 对不起,使用我行网银需要Mac OS X 10.6.8及Safari5.1或以上版本,建议您在线升级操作系统或浏览器版本后使用我行网银。 

If I go there with Safari, I get redirected to
https://mybank1.icbc.com.cn/icbc/perbank/index.jsp?injectTranName=&injectTranData=&injectSignStr=

When emulating the User Agent to be Safari, there is no issue on Firefox we can access the site.

The site needs to be contacted and asked if they could send to Firefox the same version they send to Safari users.
Component: Chinese-Simplified → Desktop
Whiteboard: [country-cn] [serversniff] [contactready]
Adding yliu for contacting sites in Chinese.
Assignee: chinese-simplified → yliu
ICBC had fixed this bug for Windows before Fx10 release, but the website only compatible with Fx10-Fx21 on windows so for. For Mac, they didn't do any improvement.

we are now keeping in contact with ICBC and waiting for their solution on latest Firefox.
Whiteboard: [country-cn] [serversniff] [contactready] → [country-cn] [serversniff] [contactready][sitewait]
Whiteboard: [country-cn] [serversniff] [contactready][sitewait] → [country-cn] [serversniff] [sitewait]
I'm still seeing the ActiveX stuff:

<object id="safeEdit1" codebase="/icbc/newperbank/AxSafeControls.cab#version=1,0,0,26" classid="CLSID:73E4740C-08EB-4133-896B-8D0A7C9EE3CD" style="vertical-align:middle;" nextelemid="verify" onkeyup="getfocus1('KeyPart', event);" onfocus="clearErrTip();detectCapsLock('logonform','safeEdit1',670,140,400,'logontb')" onblur="closeCapTip('logonform','safeEdit1')" width="200" height="24">
<param name="name" value="logonCardPass">
<param name="minLength" value="4">
<param name="maxLength" value="30">
<param name="rule" value="10111">
<param name="UniqueID" value="1491592556782859459">
<param name="IsPassword" value="true">
<param name="prompttext" value="登录密码">
<param name="prompttextcolor" value="102,102,102">
<param name="backgroundcolor" value="255,255,255">
<param name="isbordervisible" value="0">
</object>

Karl, maybe we could ask Mozilla Japan if they have contacts? I don't know big of a change a request like this would be... but apparently this bank is still IE-only.
Flags: needinfo?(kdubost)
Oops. Not Japan. >_<

Redirecting question to Eric.
Flags: needinfo?(kdubost) → needinfo?(etsai)
Password and captcha field still use activeX plugin. I think Bingqing has connection with them?
Flags: needinfo?(etsai) → needinfo?(bli)
We've been contact with them for a really long time, but lack of progress.
The last few years,the desktop online bank is moving over to mobile online bank, So many banks has stopped the maintenance of desktop online bank, especially after stopping the support of NPAPI.
Flags: needinfo?(bli)
(In reply to Bingqing Li from comment #11)
> We've been contact with them for a really long time
We've been contacting with them for a really long time. And still try to ping the relevant people of ICBC from time to time.
Thanks everyone for the info -- these types of change requests are not simple (please rewrite your app), so I'm not surprised by the lack of progress here. We can leave it open, but maybe WONTFIX is the better scenario.
Just to add some findings, clicking on the ICBC internet banking login page:

https://mybank.icbc.com.cn/icbc/enperbank/index.jsp

Using Firefox shows a messaging saying:

Only IE7 and above (excluding Edge) or Chrome 38 to 41 or Safari 7 and above are supported

Furthermore I tried using Chrome+Windows and it requires downloading an extension to login:

https://mybank.icbc.com.cn/icbc/newperbank/ICBCChromeExtension.msi

I unzipped it and found that it packages various npChrome DLLs and a WebExtension that loads an npChromeClCache.dll and whose manifest.json file is NOT scoped to ICBC domains, but rather is executed on all websites matching (file|https?)://*/* so not very security conscious.
(In reply to em_te from comment #14)
> I unzipped it and found that it packages various npChrome DLLs and a
> WebExtension that loads an npChromeClCache.dll and whose manifest.json file
> is NOT scoped to ICBC domains, but rather is executed on all websites
> matching (file|https?)://*/* so not very security conscious.

That sounds pretty terrible?
Priority: -- → P3
Due to security issues, we won't fix this.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.