I originally reported this upstream as https://bugzilla.mozilla.org/show_bug.cgi?id=449303 but it appears to be Fedora-specific. There are screenshots attached to the upstream bug showing the behaviour I get.

User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1

If you go to a URL with a basic auth username and password embedded in it, the confirmation dialog asks if "mybank" is the site I want to visit, where "mybank" is the username. If I do want to go to my bank I will click yes, and be taken to the phishing site. I believe the dialog should say 'is "www.mozilla.com" the site you want to visit?' instead, since that's the site the URL goes to.

Reproducible: Always

Steps to Reproduce:
1. click on http://mybank:com@www.mozilla.com/en-US/
2. click yes, thinking you're going to your bank account

Actual Results:
dialog says: You are about to log in to the site "www.mozilla.com" with the user name "mybank", but the web site does not require authentication. This may be an attempt to trick you. Is "mybank" the site you want to visit?

Expected Results:
dialog says: You are about to log in to the site "www.mozilla.com" with the user name "mybank", but the web site does not require authentication. This may be an attempt to trick you. Is "www.mozilla.com" the site you want to visit?
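The behaviour the report expects, as an added example that is not part of the original report and is not Firefox code: it separates the userinfo from the host with the standard WHATWG `URL` parser and builds the prompt around the host the request will reach. The names `inspectLink` and `confirmationText` are hypothetical, and the check for whether the site actually requires authentication is assumed to happen elsewhere.

```javascript
// Added example: inspect a link for embedded credentials (userinfo) and build
// a confirmation prompt that names the host the request will actually reach.
// inspectLink and confirmationText are hypothetical names, not Firefox code.

function inspectLink(href) {
  let url;
  try {
    url = new URL(href);            // WHATWG URL parser (browsers and Node.js)
  } catch (e) {
    return { valid: false, hasUserinfo: false };
  }
  // Userinfo is stored percent-encoded; decode it for display only.
  const decode = (s) => {
    try { return decodeURIComponent(s); } catch (e) { return s; }
  };
  const username = decode(url.username);
  const password = decode(url.password);
  return {
    valid: true,
    host: url.hostname,             // the site the browser will connect to
    username,
    hasUserinfo: username !== "" || password !== "",
    // Userinfo that reads like a host name ("mybank.com", or "mybank" with
    // password "com") is the pattern the report describes.
    looksLikeHost:
      /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i.test(username) ||
      (/^[a-z0-9-]+$/i.test(username) && /^[a-z]{2,}$/i.test(password)),
  };
}

function confirmationText(href) {
  const info = inspectLink(href);
  if (!info.valid || !info.hasUserinfo) return null;   // nothing to confirm
  // The question names info.host, never info.username.
  return `You are about to log in to the site "${info.host}" with the user ` +
         `name "${info.username}", but the web site does not require ` +
         `authentication. This may be an attempt to trick you.\n` +
         `Is "${info.host}" the site you want to visit?`;
}
```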
The attachment I added to the upstream bug is https://bugzilla.mozilla.org/attachment.cgi?id=332813
I also see this on Ubuntu intrepid amd64, but upstream says it isn’t their fault: https://bugs.launchpad.net/fedora/+source/firefox/+bug/271933 https://bugzilla.mozilla.org/show_bug.cgi?id=455935
Still present in firefox-3.0.4-1.fc10.x86_64 (and in Ubuntu's 3.0.3, apparently)
If you download an upstream binary from http://www.mozilla.com/en-US/ are you able to reproduce this? If yes, then it is conclusively an upstream issue.
Works correctly with upstream build Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-GB; rv:1.9.0.5) Gecko/2008120121 Firefox/3.0.5
Still wrong with latest Fedora build Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.5) Gecko/2008121622 Fedora/3.0.5-1.fc10 Firefox/3.0.5
This message is a reminder that Fedora 9 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 9. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '9'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 9's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 9 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
This message is a reminder that Fedora 10 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 10. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '10'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 10's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 10 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
The problem is no longer present with firefox-3.5.5-1.fc11.x86_64
Thank you for letting us know.