Closed Bug 93854 Opened 24 years ago Closed 24 years ago

Possible Security Flaw with Hotmail

Categories

(SeaMonkey :: General, defect)

Product:
SeaMonkey
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 62046

People

(Reporter: will583, Assigned: asa)

Details

From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3+) Gecko/20010805 BuildID: 2001080506 Having Preferneces/Privacy Security/ Images ........."Accept images that come from the originating server only" [ticked] will cause, when logged into hotmail not show the 'passport logout' link, which may cause a user to leave the site whilst still logged on. Reproducible: Always Steps to Reproduce: 1.Change over to 'Accept images that come from the originating server only' 2.log on to hotmail. 3.The logout link is no longer there. Actual Results: The link dissapeard on logging on. Expected Results: To show the link. Although the link/image probably comes from another server as is mozilla is doing the right thing, but as mentioned it may be a security flaw.
Reporter: What should Mozilla do ? It may be a security problem but you have selected not to download this image. Would it be Ok if Mozilla displays the alternative text of that image instead of the image itself ? Component:PICS -> Browser general ?
Assignee: neeti → asa
Component: PICS → Browser-General
QA Contact: neeti → doronr
I don't use hotmail so I'm not sure how this works, but does Passport use ALT text for their images? If not, this might be evangelism to get them to do so.
marking as a dupe of 62046. You should be able to logout with the alt text... *** This bug has been marked as a duplicate of 62046 ***
Status: UNCONFIRMED → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
OS: Linux → All
Hardware: PC → All
The alt text for the image in Hotmail is "Sign out of Passport sites". (The image itself says "passport" and "sign out", with "sign out" underlined and in a bright color.) So there is alt text, although it might be confusing to someone who doesn't know that Passport is Hotmail's authentication system. Why not just "sign out"? The alt text is very hard to read with the page's color scheme, however, at least when using IE. The area of the page that contains most of the images is dark blue, but the entire page uses text and link colors suited for the white area in the middle of the page. Mozilla not displaying the alt text is probably the same problem as bug 62046, "ALT text isn't displayed when image loading disabled".
When I was logged in there was no alt text, I also logged in with Opera to confirm the exact placing of the log out images and in mozilla it just wasnt there even hovering the mouse there for a while. Nothing, I had no way of logging out.
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.