Robert Kaiser wrote:
> John Doue wrote:
> > Robert Kaiser wrote:
> >> ST wrote:
> >>> Hello,
> >>>
> >>> After updating to 1.1.14, when I go to www.wellsfargo.com, the line for
> >>> the password entry box is gone! This has never happened with prior
> >>> versions. Any suggestions?
> >>
> >> This is because they are using insecure (!) methods to do their
> >> JavaScript on that page, unfortunately.
> >>
> > This does not tell me why it used to work with 1.1.13 and no longer
> > works with 1.1.14. Could you please elaborate? Thanks
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=470049 contains the story,
> basically.
>
> What happens is that they deliver a part of the login page through a
> third-party page they don't control, which we block because it's an
> insecure thing to do and could possibly lead to password hijacking and
> such things. In Firefox 3 and SeaMonkey 2 we allow such content to be
> loaded by applying additional checks to make sure it cannot be misused,
> but that needs Gecko to use even more code that the developers didn't
> want to introduce into the stable version used by Firefox 2 and
> SeaMonkey 1.1.x.
>
> It's IMHO a bug of Wells Fargo to load parts of their login page through
> the third-party service of Akamai which they can not control and so
> don't even know for sure what people see on the login page.

Any idea what they're trying to accomplish by using:
<span class="mozcloak"><input type="password" accesskey="P"
id="password" name="password"  size="13" maxlength="14"
style="float:left;width:147px;" tabindex="2" /></span>
and the Akamai XBL stuff ? It seems like they shouldn't need the span
and XBL stuff at all.
_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Reply via email to