[Bug 271933] Re: http://user:pass at site/ link asks ‘Is "user" the site you want to visit?’
anders at kaseorg.com
Thu Sep 18 22:45:18 UTC 2008
Here’s a relevant comment from the upstream bug:
> There's something weirder going on here, because bug 449303 reported the same
> thing, also on a linux x86_64 platform.
> I am bringing this back to UNCONFIRMED - gavin suspects that there's weirdness
> in the x86_64 compiler they are using, which breaks the way we're doing our
> string substitutions. That probably means the problem is upstream with the
> distros, but I'd like to keep the bug open until we can find an answer.
> Anders, how would you feel about reporting this to the Ubuntu folks with
> reference to our suspicion, to see what they think?
** Description changed:
Binary package hint: firefox-3.0
[Mozilla upstream suggests this might be an Ubuntu problem, so I’m
filling a report here.]
Before letting you visit a potentially confusing URL with an embedded
HTTP username:password, Firefox pops up a “helpful” warning dialog
asking you to confirm the site you intended to visit. Unfortunately, it
asks you to confirm that you intend to visit the _username_, not that
you intend to visit the real site!
+ For example:
You are about to log in to the site "members.tripod.com" with the
username "www%2Egoogle%2Ecom", but the website does not require
authentication. This may be an attempt to trick you.
Is "www%2Egoogle%2Ecom" the site you want to visit?
I’m using firefox-3.0 3.0.2+build3+nobinonly-0ubuntu2, xulrunner-1.9
22.214.171.124+build3+nobinonly-0ubuntu1 on Ubuntu intrepid amd64.
** Bug watch added: Red Hat Bugzilla #462392
** Also affects: firefox (Fedora) via
http://user:pass@site/ link asks ‘Is "user" the site you want to visit?’
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox-3.0 in ubuntu.
More information about the Ubuntu-mozillateam-bugs