[Bug 271933] [NEW] http://user:pass at site/ link asks ‘Is "user" the site you want to visit?’
anders at kaseorg.com
Thu Sep 18 22:23:02 UTC 2008
Public bug reported:
Binary package hint: firefox-3.0
[Mozilla upstream suggests this might be an Ubuntu problem, so I’m
filling a report here.]
Before letting you visit a potentially confusing URL with an embedded
HTTP username:password, Firefox pops up a “helpful” warning dialog
asking you to confirm the site you intended to visit. Unfortunately, it
asks you to confirm that you intend to visit the _username_, not that
you intend to visit the real site!
You are about to log in to the site "members.tripod.com" with the
username "www%2Egoogle%2Ecom", but the website does not require
authentication. This may be an attempt to trick you.
Is "www%2Egoogle%2Ecom" the site you want to visit?
I’m using firefox-3.0 3.0.2+build3+nobinonly-0ubuntu2, xulrunner-1.9
22.214.171.124+build3+nobinonly-0ubuntu1 on Ubuntu intrepid amd64.
** Affects: firefox
** Affects: firefox-3.0 (Ubuntu)
** Bug watch added: Mozilla Bugzilla #455935
** Also affects: firefox via
http://user:pass@site/ link asks ‘Is "user" the site you want to visit?’
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox-3.0 in ubuntu.
More information about the Ubuntu-mozillateam-bugs