[Bug 271933] [NEW] http://user:pass at site/ link asks ‘Is "user" the site you want to visit?’

Anders Kaseorg anders at kaseorg.com
Thu Sep 18 22:23:02 UTC 2008

Public bug reported:

Binary package hint: firefox-3.0

[Mozilla upstream suggests this might be an Ubuntu problem, so I’m
filling a report here.]

Before letting you visit a potentially confusing URL with an embedded
HTTP username:password, Firefox pops up a “helpful” warning dialog
asking you to confirm the site you intended to visit.  Unfortunately, it
asks you to confirm that you intend to visit the _username_, not that
you intend to visit the real site!


You are about to log in to the site "members.tripod.com" with the
username "www%2Egoogle%2Ecom", but the website does not require
authentication. This may be an attempt to trick you.

Is "www%2Egoogle%2Ecom" the site you want to visit?

[No] [Yes]

I’m using firefox-3.0 3.0.2+build3+nobinonly-0ubuntu2, xulrunner-1.9 on Ubuntu intrepid amd64.

** Affects: firefox
     Importance: Unknown
         Status: New

** Affects: firefox-3.0 (Ubuntu)
     Importance: Undecided
         Status: New

** Bug watch added: Mozilla Bugzilla #455935

** Also affects: firefox via
   Importance: Unknown
       Status: Unknown

http://user:pass@site/ link asks ‘Is "user" the site you want to visit?’
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox-3.0 in ubuntu.

More information about the Ubuntu-mozillateam-bugs mailing list