Before letting you visit a potentially confusing URL with an embedded HTTP username:password, Firefox pops up a “helpful” warning dialog asking you to confirm the site you intended to visit. Unfortunately, it asks you to confirm that you intend to visit the _username_, not that you intend to visit the real site!
Reproducible: Always
Steps to Reproduce:
1. Visit http://www.google.com:<email address hidden>/
Actual Results:
Confirm
You are about to log in to the site "members.tripod.com" with the username "www%2Egoogle%2Ecom", but the website does not require authentication. This may be an attempt to trick you.
Is "www%2Egoogle%2Ecom" the site you want to visit?
[No] [Yes]
Expected Results:
Is "members.tripod.com" the site you want to visit?
I’m using firefox 3.0.2+build3+nobinonly-0ubuntu2, xulrunner-1.9 1.9.0.2+build3+nobinonly-0ubuntu1 on Ubuntu intrepid amd64.
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.2) Gecko/2008090211 Ubuntu/8.10 (intrepid) Firefox/3.0.1
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.2) Gecko/2008090211 Ubuntu/8.10 (intrepid) Firefox/3.0.1
Before letting you visit a potentially confusing URL with an embedded HTTP username:password, Firefox pops up a “helpful” warning dialog asking you to confirm the site you intended to visit. Unfortunately, it asks you to confirm that you intend to visit the _username_, not that you intend to visit the real site!
Reproducible: Always
Steps to Reproduce: www.google. com:<email address hidden>/
1. Visit http://
Actual Results:
Confirm
You are about to log in to the site "members. tripod. com" with the username "www%2Egoogle% 2Ecom", but the website does not require authentication. This may be an attempt to trick you.
Is "www%2Egoogle% 2Ecom" the site you want to visit?
[No] [Yes]
Expected Results: tripod. com" the site you want to visit?
Is "members.
I’m using firefox 3.0.2+build3+ nobinonly- 0ubuntu2, xulrunner-1.9 1.9.0.2+ build3+ nobinonly- 0ubuntu1 on Ubuntu intrepid amd64.