it is not secure. not asking password while composing mail



MailNews: Account Configuration
12 years ago
12 years ago


(Reporter: Trilochan Mishra, Unassigned)



1.4 Branch

Firefox Tracking Flags

(Not tracked)


(Whiteboard: [sg:nse])



12 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Build Identifier: Mozilla 1.6

I am working in Alcatel Development India Pvt.Ltd.,chennai, India.
here we are using Mozilla 1.6 browser.

the incoming server is IMAP. i am giving the incoming server address. after that it is creating the user.
and here i can create anybody's mail account. after that for composing any mail it should ask password. and it is asking password but i am neglecting that password by clicking cancel.
then in the browser in the right hand space i am able tofind a compose option with inbox option. when i am going for the compose option a compose window is opening and i am able to send mail without any password to anybody.

so it is to be noticed that one can create anybodys account in the organization environment. it is not caring wheather that person is already having a valid account or not. and without password it is sending the mail.
but if we reply to that mail it is not coming.
so what is the problem.

hope you can understand what i mean to say.
for more details feel free to contact me on 
my cell no is : +91-9840806778

thanks & regards,
Trilochan Mishra

Reproducible: Always

Steps to Reproduce:
1.check the password fild for sending option and enable it.
2.check your security level.


12 years ago
Component: Safe Browsing → Colorpicker
Keywords: arch
Product: Firefox → Composer
Version: unspecified → 0.17

Comment 1

12 years ago
this is a misconfiguration of your mail server. go complain to your admin.
Assignee: nobody → mail
Component: Colorpicker → MailNews: Account Manager
Product: Composer → Mozilla Application Suite
QA Contact: safe.browsing
Version: 0.17 → 1.4 Branch


12 years ago
Group: security
Last Resolved: 12 years ago
Resolution: --- → INVALID
Whiteboard: [sg:nse]
What's not secure is using Mozilla 1.6! That's a two-and-a-half year old version. Here are the security fixes in just the past year and a half:

There are exploits being used in the wild for vulnerabilities we fixed mid-2005.

If your Mozilla is that old probably your Java is as well. There are tons of exploits for old versions of Java. update at

Note that IMAP is for incoming mail, SMTP is used for outgoing mail. *both* must be set to require passwords and enforce a match between the From: line and the account. But there are plenty of un-secured SMTP servers in the world, forged "From" lines are a foregone conclusion (common technique used by spammers and email worms)


12 years ago
You need to log in before you can comment on or make changes to this bug.