← Back to team overview

registry team mailing list archive

[Bug 271933] Re: http://user:pass@site/ link asks ‘Is "user" the site you want to visit?’

 

Launchpad has imported 15 comments from the remote bug at
https://bugzilla.mozilla.org/show_bug.cgi?id=455935.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2008-09-18T20:14:15+00:00 Anders Kaseorg wrote:

User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.2) Gecko/2008090211 Ubuntu/8.10 (intrepid) Firefox/3.0.1
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.2) Gecko/2008090211 Ubuntu/8.10 (intrepid) Firefox/3.0.1

Before letting you visit a potentially confusing URL with an embedded
HTTP username:password, Firefox pops up a “helpful” warning dialog
asking you to confirm the site you intended to visit.  Unfortunately, it
asks you to confirm that you intend to visit the _username_, not that
you intend to visit the real site!

Reproducible: Always

Steps to Reproduce:
1. Visit http://www.google.com:search@xxxxxxxxxxxxxxxxxx/
Actual Results:  
Confirm

You are about to log in to the site "members.tripod.com" with the
username "www%2Egoogle%2Ecom", but the website does not require
authentication. This may be an attempt to trick you.

Is "www%2Egoogle%2Ecom" the site you want to visit?

[No] [Yes]

Expected Results:  
Is "members.tripod.com" the site you want to visit?

I’m using firefox 3.0.2+build3+nobinonly-0ubuntu2, xulrunner-1.9
1.9.0.2+build3+nobinonly-0ubuntu1 on Ubuntu intrepid amd64.

Reply at: https://bugs.launchpad.net/firefox/+bug/271933/comments/0

------------------------------------------------------------------------
On 2008-09-18T20:22:31+00:00 Gavin Sharp wrote:

I can't reproduce this bug using:
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008091618 Firefox/3.0.2
(302build6)
or
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3pre) Gecko/2008091704 GranParadiso/3.0.3pre

I see the correct "Is members.tripod.com the site you want to visit"
prompt.

Reply at: https://bugs.launchpad.net/firefox/+bug/271933/comments/1

------------------------------------------------------------------------
On 2008-09-18T20:26:45+00:00 Matti-mversen wrote:

Created attachment 339321
Screenshot from FF3.01

wfm with FF3.01 on win32

Reply at: https://bugs.launchpad.net/firefox/+bug/271933/comments/2

------------------------------------------------------------------------
On 2008-09-18T20:28:48+00:00 Matti-mversen wrote:

marking wfm, please report this to Ubuntu

Reply at: https://bugs.launchpad.net/firefox/+bug/271933/comments/3

------------------------------------------------------------------------
On 2008-09-18T20:56:54+00:00 Johnath wrote:

There's something weirder going on here, because bug 449303 reported the
same thing, also on a linux x86_64 platform.

I am bringing this back to UNCONFIRMED - gavin suspects that there's
weirdness in the x86_64 compiler they are using, which breaks the way
we're doing our string substitutions.  That probably means the problem
is upstream with the distros, but I'd like to keep the bug open until we
can find an answer.

Anders, how would you feel about reporting this to the Ubuntu folks with
reference to our suspicion, to see what they think?

Reply at: https://bugs.launchpad.net/firefox/+bug/271933/comments/4

------------------------------------------------------------------------
On 2008-09-18T21:10:21+00:00 Ted Mielczarek wrote:

I can reproduce this on x86-64 Ubuntu 8.04, with whatever 3.0.x they're
shipping. I'd get the user-agent, but I'm running on remote X from home,
so it's kind of painful.

Reply at: https://bugs.launchpad.net/firefox/+bug/271933/comments/5

------------------------------------------------------------------------
On 2008-09-18T21:28:31+00:00 Karlt wrote:

Seeing the behavior described in comment 0 on Gentoo, Mozilla/5.0 (X11;
U; Linux x86_64; en-US; rv:1.9.0.1) Gecko/2008081113 Gentoo
Firefox/3.0.1.

Seeing expected behavior on trunk, Mozilla/5.0 (X11; U; Linux x86_64;
en-US; rv:1.9.1b1pre) Gecko/20080915020339 Minefield/3.1b1pre.

Reply at: https://bugs.launchpad.net/firefox/+bug/271933/comments/6

------------------------------------------------------------------------
On 2008-09-18T21:31:39+00:00 Ted Mielczarek wrote:

Could be related to firefox-on-xulrunner, or some other weirdness.

Reply at: https://bugs.launchpad.net/firefox/+bug/271933/comments/7

------------------------------------------------------------------------
On 2008-09-18T22:24:10+00:00 Anders Kaseorg wrote:

No problem.  Reported to
<https://bugs.launchpad.net/firefox/+bug/271933>.

Reply at: https://bugs.launchpad.net/firefox/+bug/271933/comments/9

------------------------------------------------------------------------
On 2008-09-18T23:56:17+00:00 Karlt wrote:

Reproduced in a local debug build from cvs (without a separate xulrunner):
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.2pre) Gecko/2008081513 Minefield/3.0.2pre

Reply at: https://bugs.launchpad.net/firefox/+bug/271933/comments/11

------------------------------------------------------------------------
On 2008-09-19T12:42:58+00:00 Zilla-kayari wrote:

(I'm the reporter of bug 449303 - seems I'm not the only one seeing this
now)

Could it be locale related? My system uses LANG=en_GB

Reply at: https://bugs.launchpad.net/firefox/+bug/271933/comments/13

------------------------------------------------------------------------
On 2008-09-19T12:49:54+00:00 Matti-mversen wrote:

*** Bug 449303 has been marked as a duplicate of this bug. ***

Reply at: https://bugs.launchpad.net/firefox/+bug/271933/comments/14

------------------------------------------------------------------------
On 2008-12-21T01:26:23+00:00 Zilla-kayari wrote:

Can anyone point me to the source related to this bug?  Preferably a URL
to an online repo view.  The firefox codebase is too large for me to
start trawling randomly hoping to find it, but I'd like to take a look.

Could this be due to relying on the order of evaluation of function
arguments, which is not defined, and could differ depending on platform
and optimisation level?

Reply at: https://bugs.launchpad.net/firefox/+bug/271933/comments/16

------------------------------------------------------------------------
On 2008-12-21T01:44:54+00:00 Trev-moz wrote:

http://mxr.mozilla.org/mozilla-
central/source/netwerk/protocol/http/src/nsHttpChannel.cpp is the
relevant code, search for the keyword "SuperfluousAuth".

Reply at: https://bugs.launchpad.net/firefox/+bug/271933/comments/17

------------------------------------------------------------------------
On 2010-08-15T19:30:33+00:00 Smontagu wrote:

Why was this moved to internationalization?

Reply at: https://bugs.launchpad.net/firefox/+bug/271933/comments/18

-- 
http://user:pass@site/ link asks ‘Is "user" the site you want to visit?’
https://bugs.launchpad.net/bugs/271933
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Fedora.