Comment 0 for bug 271933

User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.2) Gecko/2008090211 Ubuntu/8.10 (intrepid) Firefox/3.0.1
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.2) Gecko/2008090211 Ubuntu/8.10 (intrepid) Firefox/3.0.1

Before letting you visit a potentially confusing URL with an embedded HTTP username:password, Firefox pops up a “helpful” warning dialog asking you to confirm the site you intended to visit. Unfortunately, it asks you to confirm that you intend to visit the _username_, not that you intend to visit the real site!

Reproducible: Always

Steps to Reproduce:
1. Visit http://www.google.com:<email address hidden>/
Actual Results:
Confirm

You are about to log in to the site "members.tripod.com" with the username "www%2Egoogle%2Ecom", but the website does not require authentication. This may be an attempt to trick you.

Is "www%2Egoogle%2Ecom" the site you want to visit?

[No] [Yes]

Expected Results:
Is "members.tripod.com" the site you want to visit?

I’m using firefox 3.0.2+build3+nobinonly-0ubuntu2, xulrunner-1.9 1.9.0.2+build3+nobinonly-0ubuntu1 on Ubuntu intrepid amd64.