Robert Kaiser wrote: > John Doue wrote: > > Robert Kaiser wrote: > >> ST wrote: > >>> Hello, > >>> > >>> After updating to 1.1.14, when I go to www.wellsfargo.com, the line for > >>> the password entry box is gone! This has never happened with prior > >>> versions. Any suggestions? > >> > >> This is because they are using insecure (!) methods to do their > >> JavaScript on that page, unfortunately. > >> > > This does not tell me why it used to work with 1.1.13 and no longer > > works with 1.1.14. Could you please elaborate? Thanks > > https://bugzilla.mozilla.org/show_bug.cgi?id=470049 contains the story, > basically. > > What happens is that they deliver a part of the login page through a > third-party page they don't control, which we block because it's an > insecure thing to do and could possibly lead to password hijacking and > such things. In Firefox 3 and SeaMonkey 2 we allow such content to be > loaded by applying additional checks to make sure it cannot be misused, > but that needs Gecko to use even more code that the developers didn't > want to introduce into the stable version used by Firefox 2 and > SeaMonkey 1.1.x. > > It's IMHO a bug of Wells Fargo to load parts of their login page through > the third-party service of Akamai which they can not control and so > don't even know for sure what people see on the login page.
Any idea what they're trying to accomplish by using: <span class="mozcloak"><input type="password" accesskey="P" id="password" name="password" size="13" maxlength="14" style="float:left;width:147px;" tabindex="2" /></span> and the Akamai XBL stuff ? It seems like they shouldn't need the span and XBL stuff at all. _______________________________________________ support-seamonkey mailing list [email protected] https://lists.mozilla.org/listinfo/support-seamonkey
