Closed Bug 302967 Opened 19 years ago Closed 17 years ago

Security Error - Domain Name Mismatch - Locks Browser

Categories

(SeaMonkey :: General, defect)

Product:
SeaMonkey
Component:
General
Platform:
x86
Windows 98
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: baumgrenze, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.8) Gecko/20050511
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.8) Gecko/20050511

I posted this in the forum - it has had 16 views in ~24 hrs with no responses.

I am using Mozilla 1.7.8 Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.8)
Gecko/20050511 under Win 98 SE2. 

On Friday, 7/29/05, Yahoo Mail dumped two emails from "spoof@paypal.com" into my
Bulk folder. Since I've reported phishing to that address, I decided to check if
the consignment to the Bulk folder was a mistake. I immediately encountered a
"Security Error - Domain Name Mismatch" dropdown box. I was told that I was
trying to reach "static.paypal.com" but that the certificate belonged to
"origin-www.paypalobjects.com." I can look at the certificate's values. The
dates do not match those that PayPal posts on their
http://www.paypal.com/cgi-bin/webscr?cmd=_help-ext&eloc=1319 
website. 

When I attempted to close the "Security Error" box by selecting "cancel" the box
closeed and immediately reopened in an endless loop. I could not use any other
open Mozilla windows (a blank window would not open Google or Yahoo.) I could
only escape from the loop by going to the task list and shutting down Mozilla. 

Is there a way to prevent phishers from triggering this endless loop? If so, it
should be implemented to save 'innocent users' from giving up and accepting the
certificate just to regain control of their browser. 

Baumgrenze

Please note, 

This happens in Yahoo Mail. I suppose that it could be a 'joint issue' with
Yahoo?! Nevertheless, the browser does lock up.

I have not tried responding to the security dropdown by accepting the
certificate. I realize that it might be useful to have a "View Source" copy of
the email for you to see what is going on. Please offer me reassurance that it
is OK to do so; I think I'm probably OK as long as I don't open any links, but
I'm still uncomfortable (color that 'uninformed.') As an alternative, could I
forward a copy to someone?


Reproducible: Always

Steps to Reproduce:
1. I tried to open the email and encountered the Security Error message
2. I tried to cancel 
3.

Actual Results:  
The cancel failed and the Security Error message reappeared just like a web page
that won't go away.

Expected Results:  
The cancel should have returned me to my inbox.
Could you verify whether this problem occurs on a recent version of SeaMonkey or nightly build (http://www.seamonkey-project.org/releases/) please?
Today I got an email from bugzilla-daemon@mozilla.org. In it, Arun Prasannan asked me to comment on bug id=302967.

The reported bug was posted in July/August 2005 when I encountered a lock-up problem triggered by an email in my Yahoo account.

I can no longer test if this problem persists. I can no longer find the email in my account. Perhaps I gave up and deleted it.

I've also changed machines and operating systems. I am now running XP Pro (5.1.2600 SP2 Build 2600).

I've not seen a problem similar to the one I reported during the last 2 3/4 years.
_________________
Thanks,

Baumgrenze
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.