vanguard.com - Broken UA sniffing ("Firefox" instead of "Gecko") breaks tax form viewing, Flash version detection, etc.

RESOLVED WORKSFORME

Status

RESOLVED WORKSFORME
11 years ago
4 years ago

People

(Reporter: david, Unassigned)

Tracking

Details

(URL)

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 SeaMonkey/1.1.8, NOT Firefox/2.0.0.12
Build Identifier: 

I generally have no problem navigating the Vanguard Web site with SeaMonkey, including making transactions on my account.  In January 2008, I successfully viewed and downloaded the Forms 1099-INT, 1099-DIV, 1099-R, and 1099-B.  

However, the Form 1099-DIV was amended in February 2008.  Now an attempt to view any of the forms via SeaMonkey causes the launch of Internet Explorer, which freezes.  Something changed at Vanguard.com between January and February 2008.  

Further, if I spoof Firefox with the following UA string, I can indeed view the forms:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 SeaMonkey/1.1.8, NOT Firefox/2.0.0.12




Reproducible: Always

Steps to Reproduce:
Testing this requires an online account at Vanguard.com.  



I also noted that, in January, when I downloaded the tax forms (which are PDF files), they were complete.  Now, if I try to download the forms while spoofing Firefox, the forms are blank.  They are locked so that inputs are not saved, including inputs generated by Vanguard while displaying the forms.
(Reporter)

Comment 1

11 years ago
This is another case of invalid UA sniffing for Firefox instead of Gecko (tracking bug 334967).  
Blocks: 334967
(Reporter)

Comment 2

11 years ago
This problem arose between 12 Jan 08 and 16 Feb 08.  On 12 Jan, I was able to view my tax forms at Vanguard without spoofing any browser.  On 16 Feb, the problem existed.  I did not attempt to view tax forms between those two dates.  

Further, on 12 Jan, I was able to download and save filled in tax forms.  On 16 Feb, only the blank forms were saved.  Information about dividends, interest, etc was not saved; not even my name appears in the saved forms.  

Vanguard has been notified.  

Comment 3

11 years ago
FWIW, I able to view and print a 1099-DIV form.  They're delivering the documents as FDF (http://www.adobe.com/devnet/acrobat/fdftoolkit.html).  I couldn't seem to download and open the file locally, but when I used the Adobe plugin, the 1099-DIV loaded (and printed) OK.  I'm not sure why they're using FDF (it's not really a form).

Comment 4

11 years ago
> FWIW, I able to view and print...

In SeaMonkey.  I was actually spoofing my useragent, but I was spoofing it to be "Gecko/1.9b4pre"
(Reporter)

Comment 5

11 years ago
I tried the UA string
  Mozilla/5.0
That launched IE.  I tried the UA string
  Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201
That worked.  When you look at the strings I cited in my original report, you will see that there is some kind of strange sniffing going on.  

In any case, when I contacted Vanguard immediately after submitting this bug report, they told me that the Forms 1099 could not be accessed at all by any Gecko-based browser, not even Firefox.  When I told them that I had accessed the forms via SeaMonkey whiles spoofing Firefox, they could not explain it.  

Regarding PDF versus FDF, Vanguard claims they use FDF files so that tax information can be made available more quickly than with PDF files.  Apparently, they are using an FDF feature to populate data from their account databases into blank forms.  For PDF files that could be downloaded and saved, they would require too much time (NOT real time) to generate the files while customers want the forms immediately for doing their taxes.  They cannot explain how I was able to download and save complete PDF files on 12 January but not on 16 February.  They claim that no change was made to their system in that interval.  However, I upgraded Acrobat Reader in that interval in response to a security vulnerability report.  If I have time, I might revert to the prior version of Acrobat Reader for a test.  
(Reporter)

Comment 6

11 years ago
As the Vanguard Web site evolves, UA sniffing becomes even worse.  

Now, when I logon to my account, I see a message that I have an obsolete version of Flash or no Flash at all.  Adobe's official Web page for testing the installation of Flash says that I do indeed have the latest version and that it is correctly installed.  

I brought this to the attention of Vanguard.  Their response indicates that the message about Flash is a result of using a non-supported browser.  The response lists the browsers that are supported, which include Firefox 2 but neither SeaMonkey nor Camino.  

Spoofing Firefox with "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080313 SeaMonkey/1.1.8, NOT Firefox/2.0.0.12" resolved the problem, demonstrating that this is indeed another case of invalid sniffing.  

I have communicated back to Vanguard that they are incorrectly sniffing for Firefox instead of Gecko.  I provided them with links to this bug report and to three "Gecko is Gecko" Web sites.  

Since the problem with the Vanguard Web site is becoming broader than merely viewing tax forms, I have updated the Summary to make it more general.  
Summary: [Vanguard.com] Cannot view tax Forms 1099 with SeaMonkey → [Vanguard.com] Improper UA Sniffing for Firefox Instead of Gecko

Updated

11 years ago
OS: Windows XP → All
Hardware: PC → All
Summary: [Vanguard.com] Improper UA Sniffing for Firefox Instead of Gecko → vanguard.com - Broken UA sniffing ("Firefox" instead of "Gecko") breaks tax form viewing, Flash version detection, etc.
(Reporter)

Comment 7

10 years ago
It is possible to test this bug without having a Vanguard account.  Some of the news pages reached through <https://personal.vanguard.com/us/news> contain Flash.  When viewing those pages with SeaMonkey and its default UA string, I see a box containing the text "You'll need to  download Macromedia Flash or upgrade your existing version  to view this data."   When viewing those pages with SeaMonkey while spoofing Firefox, I don't see that text; instead, the Flash is presented.  

One news page containing flash is at <https://personal.vanguard.com/us/VanguardViewsArticlePublic?ArticleJSP=/freshness/News_and_Views/news_ALL_mmyields_01262009_ALL.jsp&src=NMC&returnLink=/freshness/News_and_Views/news_ALL_mmyields_01262009_ALL.jsp>.  This page is the latest instance in which I observed this bug.  However, such pages may be transitory, remaining available only for a week or so.  

My current default UA string is:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.19) Gecko/20081204 SeaMonkey/1.1.14

I spoofed to work around this problem today using the UA string: 
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.19) Gecko/20081204 SeaMonkey/1.1.14, NOT Firefox/2.0.0.18

I have Flash 10.0.12.36 (10.0 r12) installed.  According to the Adobe Web site, this is indeed the latest version of Flash.  

Yes, I have notified Vanguard of the problem (again).
(Reporter)

Comment 8

9 years ago
Whether I use the actual UA string: 
    Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091206
            SeaMonkey/2.0.1
or spoof with:
    Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091206
            SeaMonkey/2.0.1 NOT Firefox/3.5.3
I have trouble downloading PDF forms from the Vanguard site.  The form "Roth IRA Conversion Kit" listed on <https://personal.vanguard.com/us/literature/manageaccounts/ira> has over 500 KB; the server consistently stops responding after sending about 250 KB.  

I reported the downloading problem to Vanguard.  Their response was:  

>Dear Mr. Ross,
>
>Thank you for your recent e-mail. We apologize for any inconvenience 
>you've experienced.
>
>At this time, we do not support the Seamonkey web browser and are not 
>able to troubleshoot any issues related to using it. Currently, our 
>site is optimized for the following Web Browsers:
>
>Microsoft Windows Web Browsers:
>1. Microsoft Internet Explorer 6.0.x or higher.
>2. Firefox 3.0.x or higher.
>3. Google Chrome 2.0.x or higher.
>4. America Online 9.x.
>
>We've found that these Web Browsers will allow you to fully 
>experience all the services and features of our website.
>
>While we hope to accommodate as many browsers and plug-ins as 
>possible, technical support and upgrades are usually not available 
>for older software. Plus, older software may not be compatible with 
>the latest advances in web-related technology and security features.
>
>If you have additional questions, please call Vanguard Voyager Select 
>Services(R) at 800-284-7245 and ask to speak with a Web technical 
>support specialist. You can reach us on business days from 8 a.m. to 
>7 p.m., Eastern time.
>
>Andrew J Patterson
>Support Specialist
>Vanguard Web Technical Support Services

I responded to indicate that (1) Gecko is indeed Gecko and (2) I previously downloaded such forms.
(Reporter)

Comment 9

8 years ago
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14

This now works okay, even without spoofing Firefox.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → WORKSFORME
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.