Bug#471525: iceweasel: authentication confirmation prompt asks whether user wishes to visit site $USERNAME

Tue, 18 Mar 2008 16:56:31 -0700 

Package: iceweasel
Version: 2.0.0.12-0etch1
Severity: normal

It appears that in some or all cases, the confirmation prompt window which is 
displayed when a user connects to a URL containing a username (and optional 
password) in the form of http://USER[:[EMAIL PROTECTED]/, will display a 
question prompting the user whether she wishes to connect to USER (instead of 
IP_ADDRESS). 
Please refer to the last sentence of the prompt, as seen in the attached 
screenshot.

A copy of this email is sent to Mozilla security team as this is a bug in a 
security measure which may confuse or misguide unaware users and maya result in 
them being tricked to authenticate against an incorrect web page.

Thanks for fixing,

Moritz

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (600, 'stable'), (500, 'proposed-updates')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22-4-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages iceweasel depends on:
ii  debianutils            2.17              Miscellaneous utilities specific t
ii  fontconfig             2.4.2-1.2         generic font configuration library
ii  libatk1.0-0            1.12.4-3          The ATK accessibility toolkit
ii  libc6                  2.3.6.ds1-13etch5 GNU C Library: Shared libraries
ii  libcairo2              1.2.4-4           The Cairo 2D vector graphics libra
ii  libfontconfig1         2.4.2-1.2         generic font configuration library
ii  libfreetype6           2.2.1-5+etch2     FreeType 2 font engine, shared lib
ii  libglib2.0-0           2.12.4-2          The GLib library of C routines
ii  libgtk2.0-0            2.8.20-7          The GTK+ graphical user interface 
ii  libjpeg62              6b-13             The Independent JPEG Group's JPEG 
ii  libmyspell3c2          1:3.1-18          MySpell spellchecking library
ii  libpango1.0-0          1.14.8-5          Layout and rendering of internatio
ii  libpng12-0             1.2.15~beta5-1    PNG library - runtime
ii  libstdc++6             4.1.1-21          The GNU Standard C++ Library v3
ii  libx11-6               2:1.0.3-7         X11 client-side library
ii  libxft2                2.1.8.2-8         FreeType-based font drawing librar
ii  libxinerama1           1:1.0.1-4.1       X11 Xinerama extension library
ii  libxp6                 1:1.0.0.xsf1-1    X Printing Extension (Xprint) clie
ii  libxrender1            1:0.9.1-3         X Rendering Extension client libra
ii  libxt6                 1:1.0.2-2         X11 toolkit intrinsics library
ii  psmisc                 22.3-1            Utilities that use the proc filesy
ii  zlib1g                 1:1.2.3-13        compression library - runtime

iceweasel recommends no packages.

-- no debconf information

<<attachment: site_username_mixup.png>>

Reply via email to