Bug 464086

Summary: Banking login handled differently in Linux versus XP
Product: [Fedora] Fedora Reporter: Michael McLagan <mmclagan>
Component: firefoxAssignee: Gecko Maintainer <gecko-bugs-nobody>
Status: CLOSED UPSTREAM QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 9CC: gecko-bugs-nobody, mcepl, stransky, walters
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
URL: https://secure.nbtbank.com/cgi-bin/hbproxy.exe/1219/signon
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-09-29 19:29:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michael McLagan 2008-09-26 08:19:46 UTC 
Description of problem:

The site in question is the online banking for a NY State bank.  The login process requires a userid, on a new computer it asks a verification question, then it asks for the password.  Successful entries result in viewing the bank accounts, etc.

The problem is, since updating to Firefox 3, the 2nd step doesn't work -- the bank *NEVER* recognises any PC using FF3 Linux.  I always have to provide the login id, the verification and the password.

Worse still, if I reboot the laptop into XP and use the standard FF3 distribution from http://www.mozilla.com/en-US/firefox/ the bank skips over the verification question -- it recognises that I've used the system to log in previously and just asks for a password.

Version-Release number of selected component (if applicable):

firefox-3.0.1-1.fc9.i386

How reproducible:

Always

Steps to Reproduce:
1.  See above
2.
3.
  
Actual results:

I get asked the verification question every time.

Expected results:

I skip over the verification question every time.

Additional info:

I realize that this is probably next to impossible to work on -- I'm not about to hand over my userid/verification/password for my bank account!  :)

I'm also not entirely sure that this is part of FF that has been modified by Fedora/Redhat or if it's a secondary component or whatever.  If necessary I will post it there if it doesn't fall under a modified or secondary component.

I have cleared all cookies, cleared all permissions, set very permissive access to the profile directory and files, basically everything I could short of reading code or capturing packets.  It doesn't seem to be something simple.
Comment 1 Martin Stransky 2008-09-26 10:08:51 UTC 
Can you check the official mozilla binaries for linux? (download them from mozilla.org, unpack and run them in some directory). It can confirm if the fedora binary is broken or not...
Comment 2 Matěj Cepl 2008-09-26 15:36:54 UTC 
What is the output of /usr/sbin/getenforce ?

Thank you very much.
Comment 3 Michael McLagan 2008-09-26 20:40:27 UTC 
[root@titan ~]# /usr/sbin/getenforce
Disabled
Comment 4 Michael McLagan 2008-09-26 21:54:51 UTC 
Created mozilla bugzilla report after testing official Linux binary, v3.0.2 from mozilla.com.

https://bugzilla.mozilla.org/show_bug.cgi?id=457321
Comment 5 Matěj Cepl 2008-09-29 19:29:41 UTC 
Thanks for letting us know about your bug upstream. We believe that it is more appropriate to let it be resolved upstream.

Red Hat will continue to track the issue in the centralized upstream bug tracker, and will review any bug fixes that become available for consideration in future updates.

Thank you for the bug report.