Bug 950335 (Closed)
Opened 10 years ago, closed 10 years ago
"Force encryption" changed by "Use encryption if available" after XMPP wizard
Categories: Thunderbird :: Instant Messaging, defect
Tracking: thunderbird32 fixed, thunderbird33 fixed, thunderbird34 fixed, thunderbird_esr3132+ fixed
Status: RESOLVED FIXED
Target Milestone: Thunderbird 34.0
People: Reporter: mozilla, Assigned: clokep
Attachments (1 file)
patch, 1.08 KB: florian: review+; standard8: approval-comm-aurora+, approval-comm-beta+, approval-comm-esr31+
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 (Beta/Release)
Build ID: 20131213040203

Steps to reproduce:
1. Open the Accounts list
2. Add account
3. Choose XMPP
4. During the wizard, choose "Require encryption" (in French something like: force encryption)

Actual results:
"Force encryption" has been replaced by "Use encryption if available". If you choose "Force encryption" it will be kept this time. Only the XMPP wizard does not take this choice and always puts "Use encryption if available"
Comment 1•10 years ago
I could reproduce this on Thunderbird, but not on Instantbird (even after enabling JS-XMPP).
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 2•10 years ago
Confirming this bug in TB 31. This looks like a security risk. How can TB automatically *lower* a security setting that the user actively set to high, potentially exposing login passwords to a man-in-the-middle? And nobody replies to this for over 8 months? Please CC somebody who has worked on this feature so that we can get this fixed, and if this bugzilla allows it, please add a security tag.
Comment 3•10 years ago
(In reply to Florian Quèze [:florian] [:flo] from comment #1)
> I could reproduce this on Thunderbird, but not on Instantbird

Because it's already been debugged and fixed for Instantbird in bug 955079. The fix is trivial, it's just something we forgot to port to Thunderbird :-(.
Comment 4•10 years ago (Assignee)
We should ask to uplift this to the TB 31 branch.
Comment 5•10 years ago (Assignee)
(In reply to mail from comment #2)
> How can TB automatically *lower* a security setting that the user actively
> set to high, potentially exposing login passwords to a man-in-the-middle?

Please note that this wasn't done *on purpose* by any means. It's a bug, please don't attribute malice to this. Programmers are people too, they overlook things when writing code.

> And nobody replies to this for over 8 months?

Things fall off our radar, thanks for bringing it back to our attention! As you see, I've attached a fix for this.
Updated•10 years ago
Attachment #8474222 - Flags: review?(florian) → review+
Updated•10 years ago (Assignee)
Keywords: checkin-needed
Updated•10 years ago
status-thunderbird31: --- → affected
status-thunderbird32: --- → affected
status-thunderbird33: --- → affected
status-thunderbird34: --- → affected
status-thunderbird_esr31: --- → affected
tracking-thunderbird_esr31: --- → ?
Comment 6•10 years ago
(In reply to Patrick Cloke [:clokep] from comment #5)
> please don't attribute malice to this

Oh that wasn't my intention at all; it was just the combination of it being an obvious bug, security related and reported a long time ago that made me surprised about this having received no reply at all. Thanks for the swift response after my comment!
Comment 7•10 years ago
https://hg.mozilla.org/comm-central/rev/e8a8ea884634
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 34.0
Comment 8•10 years ago
Comment on attachment 8474222
Ported patch v1

[Triage Comment]
Will take onto aurora straight away due to current trunk issues, will do beta/esr in a day or so.
Attachment #8474222 - Flags: approval-comm-esr31?
Attachment #8474222 - Flags: approval-comm-beta?
Attachment #8474222 - Flags: approval-comm-aurora+
Updated•10 years ago
Attachment #8474222 - Flags: approval-comm-esr31? → approval-comm-esr31+
Attachment #8474222 - Flags: approval-comm-beta? → approval-comm-beta+
Updated•10 years ago
status-thunderbird34: --- → fixed