Open
Bug 460238
Opened 16 years ago
Updated 2 years ago
Focus-stealing certificate popup
Categories
(Thunderbird :: Mail Window Front End, defect)
Tracking
(Not tracked)
UNCONFIRMED
People
(Reporter: mozilla-bugs-2011.08, Unassigned)
References
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3 Build Identifier: version 2.0.0.17 (20080925) When Thunderbird tries to download mail from a server with an expired certificate, the cert popup steals focus. This is especially problematic while composing new messages, as the keyboard input that was meant for the message is intercepted by the popup dialog and thus Thunderbird may take insecure actions that the user did not intend. Reproducible: Always Steps to Reproduce: 1. Configure Thunderbird to download messages via POP3 from a server with an expired certificate. 2. Set an automatic mail check interval. 3. Compose an email and type while the certificate expired popup comes up Actual Results: The certificate popup steals focus and intercepts input not meant for it. This may lead to an insecure action that the user did not intend. Expected Results: The popup would not intercept input not meant for it.
Reporter | ||
Comment 2•15 years ago
|
||
I have not yet upgraded to Tb3 due to a critical extension, but I will test and report back as soon as I set up a test machine. Thanks.
Comment 3•13 years ago
|
||
(In reply to Dotan Cohen from comment #2) > I have not yet upgraded to Tb3 due to a critical extension, but I will test > and report back as soon as I set up a test machine. Thanks. Dotan, can your reproduce with v5 or v6?
Whiteboard: [closeme 2011-09-01]
Reporter | ||
Comment 4•13 years ago
|
||
Thanks, Wayne. I will try to expire the certificate on my server to check. I'll get back to you soon on this.
Reporter | ||
Comment 5•13 years ago
|
||
I cannot invalidate the certificate of my primary webserver. Does anyone know of a server with an expired certificate that I can get an account on temporarily to test this? Thanks.
Comment 6•13 years ago
|
||
I think kaie as a server running with an expired cert for testing.
Comment 7•13 years ago
|
||
(In reply to Ludovic Hirlimann [:Usul] from comment #6) > I think kaie as a server running with an expired cert for testing. kaie, can you suggest server+cert?
Whiteboard: [closeme 2011-09-01]
Comment 8•13 years ago
|
||
similar/same as bug 383634?
Comment 9•9 years ago
|
||
(In reply to Wayne Mery (:wsmwk, use Needinfo for questions) from comment #7) > (In reply to Ludovic Hirlimann [:Usul] from comment #6) > > I think kaie as a server running with an expired cert for testing. > > kaie, can you suggest server+cert? true?
Flags: needinfo?(kaie)
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•