[Bug 271933] Re: http://user:pass@site/ link asks ‘Is "user" the site you want to visit?’

2017-10-27 Thread Bug Watch Updater 
Launchpad has imported 11 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=462392.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2008-09-15T21:07:06+00:00 Jonathan wrote:

I originally reported this upstream as
https://bugzilla.mozilla.org/show_bug.cgi?id=449303
but it appears to be Fedora-specific.

There are screenshots attached to the upstream bug showing the behaviour
I get.

User-Agent:   Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.1)
Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.1)
Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1

If you go to a URL with a basic auth username and password embedded in it, the
confirmation dialog asks if "mybank" is the site I want to visit, where
"mybank" is the username.  If I do want to go to my bank I will click yes, and
be taken to the phishing site.
I believe the dialog should say 'is "www.mozilla.com" the site you want to
visit?' instead, since that's the site the URL goes to.

Reproducible: Always

Steps to Reproduce:
1. click on http://mybank:c...@www.mozilla.com/en-US/
2. click yes, thinking you're going to your bank account
Actual Results:  
dialog says:
You are about to log in to the site "www.mozilla.com" with the user name
"mybank", but the web site does not require authentication. This may be an
attempt to trick you.

Is "mybank" the site you want to visit?

Expected Results:  
dialog says:
You are about to log in to the site "www.mozilla.com" with the user name
"mybank", but the web site does not require authentication. This may be an
attempt to trick you.

Is "www.mozilla.com" the site you want to visit?

Reply at:
https://bugs.launchpad.net/ubuntu/+source/firefox-3.0/+bug/271933/comments/0


On 2008-09-17T12:56:12+00:00 Jonathan wrote:

The attachment I added to the upstream bug is
https://bugzilla.mozilla.org/attachment.cgi?id=332813

Reply at:
https://bugs.launchpad.net/ubuntu/+source/firefox-3.0/+bug/271933/comments/1


On 2008-09-18T22:58:32+00:00 Anders wrote:

I also see this on Ubuntu intrepid amd64, but upstream says it isn’t
their fault:

https://bugs.launchpad.net/fedora/+source/firefox/+bug/271933
https://bugzilla.mozilla.org/show_bug.cgi?id=455935

Reply at:
https://bugs.launchpad.net/ubuntu/+source/firefox-3.0/+bug/271933/comments/13


On 2008-12-21T01:28:06+00:00 Jonathan wrote:

Still present in firefox-3.0.4-1.fc10.x86_64

(and in ubuntu's 3.0.3 apparently)

Reply at:
https://bugs.launchpad.net/ubuntu/+source/firefox-3.0/+bug/271933/comments/20


On 2008-12-22T11:25:37+00:00 Matěj wrote:

If you download an upstream binary from http://www.mozilla.com/en-US/
are you able to reproduce this? If yes, then it is conclusively an
upstream issue.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/firefox-3.0/+bug/271933/comments/22


On 2008-12-22T23:39:24+00:00 Jonathan wrote:

works correctly with upstream build
Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-GB; rv:1.9.0.5) Gecko/2008120121 
Firefox/3.0.5

Reply at:
https://bugs.launchpad.net/ubuntu/+source/firefox-3.0/+bug/271933/comments/23


On 2008-12-22T23:48:56+00:00 Jonathan wrote:

still wrong with latest fedora build
Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.5) Gecko/2008121622 
Fedora/3.0.5-1.fc10 Firefox/3.0.5

Reply at:
https://bugs.launchpad.net/ubuntu/+source/firefox-3.0/+bug/271933/comments/24


On 2009-06-10T02:43:34+00:00 Bug wrote:


This message is a reminder that Fedora 9 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 9.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '9'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 9's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 9 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it

[Bug 271933] Re: http://user:pass@site/ link asks ‘Is user the site you want to visit?’

2014-10-26 Thread Bug Watch Updater 
** Changed in: firefox
   Status: Confirmed = Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/271933

Title:
  http://user:pass@site/ link asks ‘Is user the site you want to
  visit?’

To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/271933/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs