[Bug 271933] Re: http://user:pass at site/ link asks ‘Is "user" the site you want to visit?’

Anders Kaseorg anders at kaseorg.com
Thu Sep 18 22:45:18 UTC 2008 

Here’s a relevant comment from the upstream bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=455935#c4
> There's something weirder going on here, because bug 449303 reported the same
> thing, also on a linux x86_64 platform.
> 
> I am bringing this back to UNCONFIRMED - gavin suspects that there's weirdness
> in the x86_64 compiler they are using, which breaks the way we're doing our
> string substitutions.  That probably means the problem is upstream with the
> distros, but I'd like to keep the bug open until we can find an answer.
> 
> Anders, how would you feel about reporting this to the Ubuntu folks with
> reference to our suspicion, to see what they think?


** Description changed:

  Binary package hint: firefox-3.0
  
  [Mozilla upstream suggests this might be an Ubuntu problem, so I’m
  filling a report here.]
  
  Before letting you visit a potentially confusing URL with an embedded
  HTTP username:password, Firefox pops up a “helpful” warning dialog
  asking you to confirm the site you intended to visit.  Unfortunately, it
  asks you to confirm that you intend to visit the _username_, not that
  you intend to visit the real site!
+ 
+ For example:
+ http://www.google.com:search@members.tripod.com/
  
  Confirm
  
  You are about to log in to the site "members.tripod.com" with the
  username "www%2Egoogle%2Ecom", but the website does not require
  authentication. This may be an attempt to trick you.
  
  Is "www%2Egoogle%2Ecom" the site you want to visit?
  
  [No] [Yes]
  
  I’m using firefox-3.0 3.0.2+build3+nobinonly-0ubuntu2, xulrunner-1.9
  1.9.0.2+build3+nobinonly-0ubuntu1 on Ubuntu intrepid amd64.

** Bug watch added: Red Hat Bugzilla #462392
   https://bugzilla.redhat.com/show_bug.cgi?id=462392

** Also affects: firefox (Fedora) via
   https://bugzilla.redhat.com/show_bug.cgi?id=462392
   Importance: Unknown
       Status: Unknown

-- 
http://user:pass@site/ link asks ‘Is "user" the site you want to visit?’
https://bugs.launchpad.net/bugs/271933
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox-3.0 in ubuntu.

More information about the Ubuntu-mozillateam-bugs mailing list