Closed
Bug 312542
Opened 19 years ago
Closed 19 years ago
Clicking 'no' in the scam warning opens page anyway
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
Thunderbird1.1
People
(Reporter: ch-world, Assigned: dveditz)
References
Details
(Keywords: fixed1.8)
Attachments
(2 files)
9.00 KB,
message/rfc822
|
Details | |
1007 bytes,
patch
|
mscott
:
review+
mscott
:
approval1.8rc1+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1 I did get an email scam from someone who wants get my ebay password. There is a link to an IP which wants to be a copy of the ebay Site. After clicking on it, a window opens where Thunderbird asks "... Are you sure you want to visit 81.116.144.178?" After clicking on no the page opens like by clicking on yes. I don't know if it's important but the massges was in the trash. Thunderbird Version: version 1.5 Beta 2 (20051006) Reproducible: Sometimes Steps to Reproduce: 1. Open a scam mail 2. Click a link 3. If Thunderbird ask you if you want to visit the page do "No" Actual Results: Sometimes the page opens. But not all the time. Expected Results: Not open the page ;)
Comment 1•19 years ago
|
||
Worksforme here. Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b5) Gecko/20051015 Thunderbird/1.4.1 ID:2005101506
Assignee | ||
Comment 2•19 years ago
|
||
WFM with 1.5 beta 2 (20051006). What version are you using? your Firefox is from that date, is your Thunderbird as well? Do you get this behavior on all links when the phishing detector goes off, or just this one? Sometimes the phishy link gets opened if the link text is not a URL ("Click here to activate") and the link host is not numeric, but in those cases I don't get the "Are you sure" dialog. In the two dozen phishing links I just tried from my trash (mixture of numeric addresses and not) I could not reproduce this problem.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME
Yes, thunderbird and firefox are both 20051006. The scam warning was the first time with importet profile.
Comment 5•19 years ago
|
||
*** Bug 313321 has been marked as a duplicate of this bug. ***
Comment 6•19 years ago
|
||
New bug report reporting same issue. Reopening
Status: RESOLVED → UNCONFIRMED
Resolution: WORKSFORME → ---
Comment 7•19 years ago
|
||
The scam alert box seems to work properly when a phishing link is clicked from the Message Pane (F8), but exhibits the broken behavior when the link is clicked from an opened email. (1.5 Beta 2)
Assignee | ||
Comment 8•19 years ago
|
||
Ah ha! That's exactly it. The bug happens when opened from the messageWindow, but not from the message pane.
Assignee: dveditz → mscott
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking1.8rc1?
Summary: Clicking 'no' in the scam warning opens the page → Clicking 'no' in the scam warning opens page anyway
Assignee | ||
Updated•19 years ago
|
Assignee: mscott → dveditz
Assignee | ||
Comment 9•19 years ago
|
||
I think this ought to go into rc1. It's a small, safe patch that makes messageWindow.xul match messenger.xul which works correctly. The cost of not taking it is a very visible failure in one of the high-profile new thunderbird features.
Attachment #200715 -
Flags: review?(mscott)
Attachment #200715 -
Flags: approval1.8rc1?
Comment 10•19 years ago
|
||
Comment on attachment 200715 [details] [diff] [review] Don't go to the scam page if user says "no" that's odd, this is working for me. If we respin RC1 again then we can pick this up. This is a pretty bad issue, I'll see if I can reproduce. Ah I see the trick is to use the stand alone message window....Nice one Dan. Go ahead and check this in now.
Attachment #200715 -
Flags: review?(mscott)
Attachment #200715 -
Flags: review+
Attachment #200715 -
Flags: approval1.8rc1?
Attachment #200715 -
Flags: approval1.8rc1+
Comment 11•19 years ago
|
||
Dan let's wait until I'm sure we're about to do a respin and then I'll land it.
Comment 12•19 years ago
|
||
I landed Dan's patch for this on the the branch and the trunk. Has no impact on Firefox.
Status: NEW → RESOLVED
Closed: 19 years ago → 19 years ago
Flags: blocking1.8rc1? → blocking1.8rc1+
Keywords: fixed1.8
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird1.1
You need to log in
before you can comment on or make changes to this bug.
Description
•