Closed
Bug 87097
Opened 24 years ago
Closed 24 years ago
No alert given for entering/leaving secured servers for second and subsequent Hotmail logins
Categories
(Core Graveyard :: Security: UI, defect)
Tracking
(Not tracked)
VERIFIED
WORKSFORME
psm2.0
People
(Reporter: doctor__j, Assigned: ddrinan0264)
Details
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.1+) Gecko/20010620
BuildID: 2001062009
Reproducible: Always
Steps to Reproduce:
1. Assume that you have enabled the alert for entering and leaving secure websites.
2. Sign out from Hotmail account first so you will come to the login page in the
next step.
3. Login to Hotmail. Choose "Keep me signed in..." for the Hotmail security
options.
4. After pressing "Sign In" button, you'll go to an HTTPS server first, and then
to an HTTP server.
5. When entering the HTTPS server, you'll be alerted for that. So far so good.
6. When leaving the HTTPS server (to go to an HTTP server), you're alerted once
again. That's correct behavior.
7. Close your browser.
8. Login to Hotmail again.
9. After pressing "Sign In" button, you'll go to an HTTPS server and then an
HTTP server as in step 4, but this time Mozilla will *not* give you any alert at
all.
And that's the problem I am telling in this bug report.
|
||
Comment 1•24 years ago
|
||
->Crypto
Reporter, was the "don't warn me again" box in the warning dialog checked? If
so, then it's behaving as expected.
Assignee: mstoltz → ddrinan
Component: Security: General → Security: Crypto
QA Contact: ckritzer → junruh
Of course I have checked that little sweet "Alert me next time" checkbox.
I know what I am doing here.
Otherwise I won't post a bug here.
IOW, I need to see that annoying alert popping up every time I go to Hotmail.
I crave for that... I am addicted to that... Phew.
First point:
I am on a 56k connection...
Does it quality as a fast??
Second point:
I meant the second and subsequent Hotmail logins. So for the first time login,
I DO see those alert boxes. That's the fun.
I would guess bug 78397 is reproducible for all the time, not just for the
second and subsequent try, right?
Component: Security: Crypto → Client Library
Product: Browser → PSM
Target Milestone: --- → 2.0
Version: other → 2.0
|
Assignee | |
Comment 5•24 years ago
|
||
This works for me on WinNT.
junruh: Please try this on a win98 machine.
reporter: Please try this a later build and also try it with a fresh profile.
I can still reproduce this bug using Win32 build 2001062606 on a freshly baked
profile.
Reporter, you say:
After pressing "Sign In" button, you'll go to an HTTPS server
and then an HTTP server as in step 4, but this time Mozilla
will *not* give you any alert at all.
How do you know you are going through an HTTPS and then an HTTP URL? It looks
to me like the "Keep me signed in..." button activates a cookie which is used to
let you login without going through the HTTPS page.
You can see on the URL bar that "https://" is being used, and then "http://"
again. I can see the "http -> https -> http" transition on the URL bar in NS4.x
as well.
> It looks to me like the "Keep me signed in..." button activates a cookie
> which is used to let you login without going through the HTTPS page.
The URL bar can't tell a lie... Take a look at the URL bar when trying to
reproduce the bug.
|
||
Comment 9•24 years ago
|
||
This works for me. Reporter, can you try it with a 6/28 build? Some more fixes
are in this build. Reopen if you still see a problem.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → WORKSFORME
|
Reporter | |
Comment 10•24 years ago
|
||
Thanks.
It's WFM too using Win32 build 2001062706.
My craved security warning dialog is back! Big kisses...
|
||
Updated•9 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•