Open Bug 460238 Opened 16 years ago Updated 2 years ago

Focus-stealing certificate popup

Categories

(Thunderbird :: Mail Window Front End, defect)

Product:
Thunderbird
Component:
Mail Window Front End
Platform:
x86
Linux
Type:
defect

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: mozilla-bugs-2011.08, Unassigned)

References

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3
Build Identifier: version 2.0.0.17 (20080925)

When Thunderbird tries to download mail from a server with an expired certificate, the cert popup steals focus. This is especially problematic while composing new messages, as the keyboard input that was meant for the message is intercepted by the popup dialog and thus Thunderbird may take insecure actions that the user did not intend.


Reproducible: Always

Steps to Reproduce:
1. Configure Thunderbird to download messages via POP3 from a server with an expired certificate.
2. Set an automatic mail check interval.
3. Compose an email and type while the certificate expired popup comes up
Actual Results:  
The certificate popup steals focus and intercepts input not meant for it. This may lead to an insecure action that the user did not intend.

Expected Results:  
The popup would not intercept input not meant for it.
Can you try to reproduce this matter with Thunderbird 3?
I have not yet upgraded to Tb3 due to a critical extension, but I will test and report back as soon as I set up a test machine. Thanks.
(In reply to Dotan Cohen from comment #2)
> I have not yet upgraded to Tb3 due to a critical extension, but I will test
> and report back as soon as I set up a test machine. Thanks.

Dotan, can your reproduce with v5 or v6?
Whiteboard: [closeme 2011-09-01]
Thanks, Wayne. I will try to expire the certificate on my server to check. I'll get back to you soon on this.
I cannot invalidate the certificate of my primary webserver. Does anyone know of a server with an expired certificate that I can get an account on temporarily to test this?

Thanks.
I think kaie as a server running with an expired cert for testing.
(In reply to Ludovic Hirlimann [:Usul] from comment #6)
> I think kaie as a server running with an expired cert for testing.

kaie, can you suggest server+cert?
Whiteboard: [closeme 2011-09-01]
similar/same as bug 383634?
(In reply to Wayne Mery (:wsmwk, use Needinfo for questions) from comment #7)
> (In reply to Ludovic Hirlimann [:Usul] from comment #6)
> > I think kaie as a server running with an expired cert for testing.
> 
> kaie, can you suggest server+cert?

true?
Flags: needinfo?(kaie)
https://kuix.de:5143/
Flags: needinfo?(kaie)
No longer blocks: 942610
See Also: → 1715740
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.