Comment 23 for bug 271933

In , Jonathan (jonathan-redhat-bugs) wrote :

I originally reported this upstream as
https://bugzilla.mozilla.org/show_bug.cgi?id=449303
but it appears to be Fedora-specific.

There are screenshots attached to the upstream bug showing the behaviour I get.

User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1

If you go to a URL with a basic auth username and password embedded in it, the
confirmation dialog asks if "mybank" is the site I want to visit, where
"mybank" is the username. If I do want to go to my bank I will click yes, and
be taken to the phishing site.
I believe the dialog should say 'is "www.mozilla.com" the site you want to
visit?' instead, since that's the site the URL goes to.

Reproducible: Always

Steps to Reproduce:
1. click on http://mybank:<email address hidden>/en-US/
2. click yes, thinking you're going to your bank account

Actual Results:
dialog says:
You are about to log in to the site "www.mozilla.com" with the user name
"mybank", but the web site does not require authentication. This may be an
attempt to trick you.

Is "mybank" the site you want to visit?

Expected Results:
dialog says:
You are about to log in to the site "www.mozilla.com" with the user name
"mybank", but the web site does not require authentication. This may be an
attempt to trick you.

Is "www.mozilla.com" the site you want to visit?
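
The difference between the reported and expected dialog text, as an added example that is not Firefox code and not part of the original report: the URL is parsed with the standard WHATWG `URL` class and the final question is built from either the user name or the host. The function names and the sample password are assumptions made for illustration.

```javascript
// Added example, not Firefox code. All function names are hypothetical.

// Decode percent-escapes for display; fall back to the raw text if malformed.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Split a URL into the parts the confirmation dialog needs.
function describeTarget(rawUrl) {
  const u = new URL(rawUrl); // WHATWG URL parser (browsers and Node.js)
  return {
    host: u.hostname,             // where the request really goes
    user: safeDecode(u.username), // userinfo before the "@"
    hasUserinfo: u.username !== "" || u.password !== "",
  };
}

// Build the dialog text. `questionField` selects which part the final
// question names: "user" gives the reported text, "host" the expected text.
function buildPrompt(rawUrl, questionField) {
  const t = describeTarget(rawUrl);
  if (!t.hasUserinfo) return null; // no embedded credentials, no prompt
  return `You are about to log in to the site "${t.host}" with the user name ` +
    `"${t.user}", but the web site does not require authentication. ` +
    `This may be an attempt to trick you.\n\n` +
    `Is "${t[questionField]}" the site you want to visit?`;
}

// Constructed sample: host and user name from the report, password made up.
const SAMPLE = "http://mybank:example-password@www.mozilla.com/en-US/";

console.log(buildPrompt(SAMPLE, "user")); // text as reported
console.log(buildPrompt(SAMPLE, "host")); // text the report expects
```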