Closed
Bug 449303
Opened 16 years ago
Closed 16 years ago
confirmation dialog for suspect URLs using basic authentication is wrong
Categories
(Toolkit :: Safe Browsing, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 455935
People
(Reporter: zilla, Unassigned)
References
()
Details
Attachments
(2 files)
screenshot of dialog
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1 Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1 If you go to a URL with a basic auth username and password embedded in it, the confirmation dialog asks if "mybank" is the site I want to visit, where "mybank" is the username. If I do want to go to my bank I will clck yes, and be taken to the phishing site. I believe the dialog should say 'is "www.mozilla.com" the site you want to visit?' instead, since that's the site the URL goes to. Reproducible: Always Steps to Reproduce: 1. click on http://mybank:com@www.mozilla.com/en-US/ 2. click yes, thinking you're going to your bank account Actual Results: dialog says: You are about to log in to the site "www.mozilla.com" with the user name "mybank", but the web site does not require authentication. This may be an attempt to trick you. Is "mybank" the site you want to visit? Expected Results: dialog says: You are about to log in to the site "www.mozilla.com" with the user name "mybank", but the web site does not require authentication. This may be an attempt to trick you. Is "www.mozilla.com" the site you want to visit?
|
||
Comment 1•16 years ago
|
||
Clicking that link produces the correct dialog for me, that is, the bottom line reads: Is "www.mozilla.com" the site you want to visit? Can you provide a screenshot of the broken behaviour? This is WORKSFORME with the url provided.
|
Reporter | |
Comment 2•16 years ago
|
||
Thanks for the quick response. It also worksforme with 2.0.0.16 on Windows. I'll get a screenshot of the 3.0.1 behaviour on GNU/Linux and update this bug asap.
|
|
Reporter | |
Comment 3•16 years ago
|
||
This is what I get for the url in this report. If you don't see this I'll report it downstream to fedora.
|
||
Comment 4•16 years ago
|
||
In FF3 binary as released by Mozilla this is the dialog.
|
|
Reporter | |
Comment 5•16 years ago
|
||
OK, thanks, I'll report it to fedora. Feel free to close this.
|
|
||
Comment 6•16 years ago
|
||
Closing it.
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
|
||
Updated•16 years ago
|
Resolution: WORKSFORME → DUPLICATE
|
Assignee | |
Updated•10 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•