password not saved for mail.yahoo.co.jp - request to recompile with WALLET_DONT_CACHE_ALL_PASSWORDS undefined
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mozilla Firefox |
Won't Fix
|
Medium
|
|||
firefox-3.0 (Ubuntu) |
Won't Fix
|
Medium
|
Unassigned |
Bug Description
Binary package hint: firefox-3.0
Firefox 3 in hardy (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008061015 Firefox/3.0) does not save the password when entering the Japanese mail.yahoo.co.jp or any of the yahoo.co.jp sites
ProblemType: Bug
Architecture: i386
Date: Wed Jun 25 20:45:16 2008
DistroRelease: Ubuntu 8.04
Package: firefox-3.0 3.0+nobinonly-
PackageArchitec
ProcEnviron:
SHELL=/bin/bash
PATH=/
LC_MESSAGES=
LANG=de_DE.utf8
SourcePackage: firefox-3.0
Uname: Linux 2.6.24-19-generic i686
In Mozilla Bugzilla #93776, Morse (morse) wrote : | #2 |
That's because yahoo has opted out of using the password manager.
In Mozilla Bugzilla #93776, Tpreston (tpreston) wrote : | #3 |
Verified
In Mozilla Bugzilla #93776, Spam-minneboken (spam-minneboken) wrote : | #4 |
*** Bug 111603 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Spam-minneboken (spam-minneboken) wrote : | #5 |
Modifying summary: "mamanger" -> "manager"
In Mozilla Bugzilla #93776, Forrestx-taylor (forrestx-taylor) wrote : | #6 |
Is there anything that we can do to convince Yahoo! to use the password manager?
In Mozilla Bugzilla #93776, Morse (morse) wrote : | #7 |
*** Bug 111634 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Morse (morse) wrote : | #8 |
*** Bug 82956 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Morse (morse) wrote : | #9 |
*** Bug 90013 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Morse (morse) wrote : | #10 |
*** Bug 110008 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Morse (morse) wrote : | #11 |
Forest Taylor: Is there anything that we can do to convince Yahoo! to use the
password manager?
Yes. Open a separate bug and assign it to evangelism. The opt-out feature was
added to satisfy the strong demands of the financial community. But there is
absolutely no reason that yahoo mail should consider itself in that category and
chose to opt out. See all the dups of this bug and you'll realize how many
people are agreeing with me.
In Mozilla Bugzilla #93776, Morse (morse) wrote : | #12 |
*** Bug 114468 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Gilles Durys (mozbug) wrote : | #13 |
*** Bug 115809 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Neilpryde92651 (neilpryde92651) wrote : | #14 |
Created attachment 62087
Hack to re-enable the autocomplete ^_~
Hm, this will fix your problems :)
In Mozilla Bugzilla #93776, Neilpryde92651 (neilpryde92651) wrote : | #15 |
"The opt-out feature was added to satisfy the strong demands of the financial
community."
Why do we have this button 'Never for this site', if you can't use it? Are we,
mozilla and netscape users, really that stupid? The financial community can go
to hell with their demands. Power to the people :)
In Mozilla Bugzilla #93776, Morse (morse) wrote : | #16 |
The correct way to do this is to look in extensions/
search for the sections of code that are bracked by #ifdef
WALLET_
pref setting.
Only problem is whether or not the financial institutions pull the plug on the
mozilla/netscape6 browser if we do that.
In Mozilla Bugzilla #93776, Morse (morse) wrote : | #17 |
*** Bug 101048 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Morse (morse) wrote : | #18 |
*** Bug 118688 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Jruderman (jruderman) wrote : | #19 |
Reopening and moving to evangelism. We should at least let Yahoo know how many
Mozilla users reported this bug to us.
In Mozilla Bugzilla #93776, Jruderman (jruderman) wrote : | #20 |
-> tech evangelism
In Mozilla Bugzilla #93776, Morse (morse) wrote : | #21 |
*** Bug 120512 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Morse (morse) wrote : | #22 |
Most but not all the dups of this bug have to do with yahoo mail (see 101048 and
120512 for example and there are a few others). Therefore changing summary from
yahoo mail login form tells password manager not to offer to remember pwds
to
Several sites, notably yahoo mail, opt out of using password manager
It's true that most of the other sites are financial institutions and they have
good reason (at least in their opinion) of opting out. So there's nothing much
evangelism can do there. But sites like yahoo mail have no justification for
opting out and these are the sites that evangelism should focus on.
In Mozilla Bugzilla #93776, Bclary (bclary) wrote : | #23 |
this is not in the scope of the evangelism effort. They are using the available
features of the browser. If you as a customer do not like that, please complain
or use another service.
doron, i say mark it invalid.
In Mozilla Bugzilla #93776, Doronr (doronr) wrote : | #24 |
Anyone want to do this? We have more important bugs out there, but if someone
wants to take this and contact yahoo, that person can take the bug. Otherwise,
invalid
In Mozilla Bugzilla #93776, Morse (morse) wrote : | #25 |
*** Bug 124829 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Nicolás Lichtmaier (niqueco) wrote : | #26 |
IMO users should have to have a way to force the use of the password manager,
despite everything the site says.
In Mozilla Bugzilla #93776, Twig5151 (twig5151) wrote : | #27 |
I agree that the user should have the choice, even if it's not a default and
activated by a hidden pref. A browser is a *client* application, and banks
shouldn't be able to blackmail Mozilla into inconveniencing users who wish to
make a choice - after all, users could walk around with their password details
printed on their T-shirts if they really wanted to, so why aren't we allowed to
instruct our browsers to memorise things for us?
If it's difficult to activate (e.g. hidden pref / lots of warning dialog boxes),
then it can only be done by someone conscious of the risks, hence there can be
no *reasonable* case for anyone to block the browser.
In Mozilla Bugzilla #93776, Morse (morse) wrote : | #28 |
There are two separate issues here so let's not confuse them.
One is whether the user should have access to a hidden pref to override a
financial website which has a bonafide reason for wanting to opt out of password
manager. That is the topic of bug 124065. See also bug 63961 which created the
ability for a site to opt out in the first place.
The other issue is specifically about yahoo.mail, and whether it should be using
this opt-out mechanism that was designed for financial institutions. That is
the issue in this bug report. IMO, the answer is that they should not be and
that an evangelist will need to get them to see the error of their ways.
Please keep discussion in this bug focused on the second issue only, since there
are other bug reports specifically for the first.
In Mozilla Bugzilla #93776, Holbitlan (holbitlan) wrote : | #29 |
as I am not very mistaken, you can use the financial section of Yahoo with the
same userID and password of the mail section.
Even more if you sign into mail, you need not sign in for financial again -> the
same cookie is used.
Whether the yahoo financial section justifies to use a "bank opt-out" is IMHO
another point.
In Mozilla Bugzilla #93776, Jruderman (jruderman) wrote : | #30 |
Christian: If by "the financial section of Yahoo" you mean PayDirect, it
requires an extra password in addition to your Yahoo ID and password. It makes
sense for PayDirect to require this extra password, because users aren't as
careful with webmail passwords as they are with financial passwords. PayDirect
only asks you to enter the extra password once you have logged into Yahoo *and*
established an https connection to Paydirect. The form that asks you for the
extra password correctly uses autocomplete=off.
In Mozilla Bugzilla #93776, Morse (morse) wrote : | #31 |
*** Bug 134789 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Mozilla-cabbey (mozilla-cabbey) wrote : | #32 |
Jesse: I believe Christian meant finance.yahoo.com and the umbrella of other
domains under it (banking.yahoo.com, loans.yahoo.com, insurance.
taxes.yahoo.com, etc.) which includes function for tracking nearly every piece
of personal financial information you could dream up, including 401K, credit
cards, stocks and bonds, taxes and more. All of this is "protected" behind a
common login page hosted off of login.yahoo.com, which also happenes to be the
common login of mail.yahoo.com. This of course brings up the irony of the fact
that on a page where they prohibit us from saving userid/password in PSM, they
offer a checkbox to have them leave a cookie and remember your login.
In Mozilla Bugzilla #93776, Morse (morse) wrote : | #33 |
*** Bug 137471 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Morse (morse) wrote : | #34 |
*** Bug 139920 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Tushar T (sukucorp) wrote : | #35 |
I had contacted yahoo regarding using the autocomplete=off in their login form
long before mozilla supported the autocomplete attribute. They never replied back.
Also, I tried the hack that is mentioned, but the password manager doesn't kick
in the first time when I visit http://
signin and then signout and then try to sign in. Think it has something to do
with the way the current URL and the form submission URL. The first time I visit
Yahoo mail, the location bar is http://
logout and go to the sign in page, the location bar is at
http://
In Mozilla Bugzilla #93776, Bugzilla-kl (bugzilla-kl) wrote : | #36 |
Tushar: could you try again? and tell them how many people ask for that?
In Mozilla Bugzilla #93776, Bugs4hj (bugs4hj) wrote : | #37 |
It seem that Neil forgot to inform you about one little trick, javascript should
be disabled the first time only!
1 - disable javascript for navigator (Menu/Edit/
Windo...
2 - now, visit http://
3 - type your name and password here (password dialog will be displayed)
4 - re-enable javascript for navigator
Now, your worries are over. I should know, because I'm the person who developed
this little hack for MultiZilla, and it still works ;)
In Mozilla Bugzilla #93776, Crazed-cowboy (crazed-cowboy) wrote : | #38 |
you know, i'm sure that doubleclick would be unhappy to know that i blocked all
images from their site. i'm also sure that a lot of people would be unhappy to
know that my cookies are killed whenever i close the browser.
these options are still available in mozilla.
i see no reason why i shouldnt be able to force mozilla to remember the password
for a specific page. if yahoo wants to make their default to not-remember,
fine. but it is my computer, i want to be able to override it.
In Mozilla Bugzilla #93776, Morse (morse) wrote : | #39 |
*** Bug 143074 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Susiew (susiew) wrote : | #40 |
My Yahoo login password is saved in my password manager. Is this a legacy from
before Yahoo opted out?
53 comments hidden Loading more comments | view all 133 comments |
In Mozilla Bugzilla #93776, Bugzilla-accessibleinter (bugzilla-accessibleinter) wrote : | #94 |
*** Bug 268978 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Kevin Brosnan (kbrosnan) wrote : | #95 |
*** Bug 280790 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Bmo-2 (bmo-2) wrote : | #96 |
like db in comment 91, i've tried setting wallet.
true and i've tried jesse's "remember password" bookmarklet from
http://
the disable javascript hack. still no dice with mail.yahoo.com... why is yahoo
able to dictate this behavior?
i've been testing all this on firefox 1.0.1 on XP.
In Mozilla Bugzilla #93776, Rsupport (rsupport) wrote : | #97 |
I've switched to a Mac since my last post. In addition to having this bug, Yahoo has become so slow and
tedious to use that it's not worth it. I'm giving up on Yahoo altogether.
In Mozilla Bugzilla #93776, Jasper Bryant-Greene (jasperbg) wrote : | #98 |
There's another issue here. Some sites' passwords won't save even though there's
no autocomplete="off" in the code.
This is because they use JavaScript to generate a SHA-1 hash of the password
(with salt added) client-side and store that in a seperate form field prior to
submission. They also blank the real password field to prevent the cleartext
password being sent.
Because the password field is blanked and Password Manager must not check until
after onsubmit="" is called, Password Manager doesn't offer to remember the
password.
You can observe this at http://
http://
In Mozilla Bugzilla #93776, Dgk-dking (dgk-dking) wrote : | #99 |
The Kiwibank problem was reported in Bug #208857
(In reply to comment #98)
> You can observe this at http://
> http://
In Mozilla Bugzilla #93776, Kevin Brosnan (kbrosnan) wrote : | #100 |
*** Bug 292828 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Bmo-2 (bmo-2) wrote : | #101 |
another option i tried is the "Allow Password Remembering" grease monkey user
script available from the 4/10/05 post at
http://
behave the same way as setting wallet.
expected, this still doesn't work with mail.yahoo.com :(
does anyone have a solution for mail.yahoo.com?
In Mozilla Bugzilla #93776, Shriramana Sharma (jamadagni) wrote : | #102 |
Adding self to CC list.
(In reply to comment #16)
> The correct way to do this is to look in extensions/
> search for the sections of code that are bracked by #ifdef
> WALLET_
> pref setting.
Is this an instructions for end-users who can tweak something within their
profile or install directory or instruction for coders? Please explain.
In Mozilla Bugzilla #93776, Mozilla-cabbey (mozilla-cabbey) wrote : | #103 |
(In reply to comment #102)
> Is this an instructions for end-users who can tweak something within their
> profile or install directory or instruction for coders? Please explain.
That's an implementation suggestion for developers, not something the average
end user would be doing. It would require changing the source code to mozilla
and rebuilding the browser.
In Mozilla Bugzilla #93776, Jms-gmx (jms-gmx) wrote : | #104 |
The same behaviour as described in comment #98 I find at
http://
With javascript, they somehow manage to blank out the password. But how do they
differentiate between the password a user typed in and one password manager
types in?
In Mozilla Bugzilla #93776, Mikecepek (mikecepek) wrote : | #105 |
What about suggesting to Yahoo! that they create another login page which does
not use AUTOCOMPLETE="off"?
If they didn't advertise that alternate login page, but instead just made it
quietly available to only those of us clamoring for it and persistent enough to
locate it -- wouldn't that solve the problem for everyone?
Yahoo! currently has "standard" and "secure" login pages. I'm just talking
about exact duplicates of those pages without the AUTOCOMPLETE tag. This is as
close as it gets to being zero effort for Yahoo! to address.
I'd suggest this to Yahoo! myself, but it's clear from reading all the comments
here that others have better connections that I do. OTOH, if this is a good
idea, let's all suggest this to them en masse.
In Mozilla Bugzilla #93776, Jruderman (jruderman) wrote : | #106 |
*** Bug 329298 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Kevin Brosnan (kbrosnan) wrote : | #107 |
*** Bug 345615 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Mozilla-bugs-2010-04 (mozilla-bugs-2010-04) wrote : | #108 |
Here is a way to add blocked sites without adding any extensions or scripts to Firefox:
http://
Tested on Yahoo, Wachovia, Fabulous. (disclaimer: it is my site, I wrote it)
In Mozilla Bugzilla #93776, Gavin Sharp (gavin-sharp) wrote : | #109 |
*** Bug 349521 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Gavin Sharp (gavin-sharp) wrote : | #110 |
*** Bug 385185 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, longsonr (longsonr) wrote : | #111 |
*** Bug 436062 has been marked as a duplicate of this bug. ***
Rolf Leggewie (r0lf) wrote : password not saved for mail.yahoo.co.jp | #112 |
Binary package hint: firefox-3.0
Firefox 3 in hardy (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008061015 Firefox/3.0) does not save the password when entering the Japanese mail.yahoo.co.jp or any of the yahoo.co.jp sites
ProblemType: Bug
Architecture: i386
Date: Wed Jun 25 20:45:16 2008
DistroRelease: Ubuntu 8.04
Package: firefox-3.0 3.0+nobinonly-
PackageArchitec
ProcEnviron:
SHELL=/bin/bash
PATH=/
LC_MESSAGES=
LANG=de_DE.utf8
SourcePackage: firefox-3.0
Uname: Linux 2.6.24-19-generic i686
Rolf Leggewie (r0lf) wrote : | #113 |
- Dependencies.txt Edit (2.6 KiB, text/plain; charset="utf-8")
- ExtensionSummary.txt Edit (901 bytes, text/plain; charset="utf-8")
- profiles.ini.txt Edit (104 bytes, text/plain; charset="utf-8")
Andreas Moog (ampelbein) wrote : | #114 |
Thank you for taking the time to report this bug and helping to make Ubuntu better. However, you are not using the most recent version of this package for your Ubuntu release. Please upgrade to the most recent version and when you are still having this issue, feel free to file a new bug-report. Thanks in advance.
Changed in firefox-3.0: | |
status: | New → Invalid |
Rolf Leggewie (r0lf) wrote : | #115 |
Andreas, what kind of nonsense are you talking? This is (or was) the newest version of FF. Even if it wasn't, that would not invalidate this bug without further investigation. "Bug triaging" like this is not only not helpful, it is actually outright destructive, so please stop doing that *right now*! I hope you just made a simple, ordinary mistake.
Reopening.
Changed in firefox-3.0: | |
status: | Invalid → New |
Andreas Moog (ampelbein) wrote : | #116 |
Ok, understood. Sorry for that. Could you please try with the official firefox if it happens there, too? If yes, this should be reported upstream.
Martin Mai (mrkanister-deactivatedaccount-deactivatedaccount) wrote : | #117 |
Thank you for taking the time to report this bug and helping to make Ubuntu better. You reported this bug a while ago and there hasn't been any activity in it recently. We were wondering if this is still an issue for you. Can you try with the latest Ubuntu release? Thanks in advance.
Changed in firefox-3.0: | |
status: | New → Incomplete |
Rolf Leggewie (r0lf) wrote : | #118 |
still unchanged for Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.5) Gecko/2008121621 Ubuntu/8.04 (hardy) Firefox/3.0.5
Changed in firefox-3.0: | |
status: | Incomplete → New |
John Vivirito (gnomefreak) wrote : | #119 |
Please leave it as incomplete so it can be tracked as that and more info will be requested shortly. I'm out of town so i cant test this on Ubuntu. Is it just japan sites or yahoo japan or just yahoo in general? This sounds more like yahoo than firefox Can you please test with up to date firefox 3.0 should be 3.0.5 IIRC
Changed in firefox-3.0: | |
status: | New → Incomplete |
Rolf Leggewie (r0lf) wrote : | #120 |
See above, I am already using 3.0.5.
I only see this for yahoo.co.jp and its subdomains. That does not mean other sites are not affected. mixi.jp works fine, though.
Changed in firefox: | |
status: | Unknown → New |
In Mozilla Bugzilla #93776, Trev-moz (trev-moz) wrote : | #121 |
*** Bug 484133 has been marked as a duplicate of this bug. ***
Changed in firefox: | |
status: | New → Unknown |
Rolf Leggewie (r0lf) wrote : Re: password not saved for mail.yahoo.co.jp | #122 |
Thank you Andreas. Mozilla bug 93776 has all the background information on this.
This bug has all the necessary information to be fixed. I advocate Firefox be recompiled with WALLET_
Changed in firefox-3.0: | |
importance: | Undecided → Medium |
status: | Incomplete → Triaged |
Changed in firefox: | |
status: | Unknown → Won't Fix |
John Vivirito (gnomefreak) wrote : | #123 |
This is not something that we can fix, this fix needs to be done upstream.
Changed in firefox-3.0 (Ubuntu): | |
status: | Triaged → Won't Fix |
Rolf Leggewie (r0lf) wrote : | #124 |
John, this is something upstream won't fix. And this is *easily* fixable by Ubuntu. It is a compile-time switch (see issue title).
Reopening.
Changed in firefox-3.0: | |
status: | Won't Fix → Triaged |
Alexander Sack (asac) wrote : | #125 |
we will follow upstream decisions on such things. so yes, this needs to be solved upstream.
Changed in firefox-3.0 (Ubuntu): | |
status: | Triaged → Won't Fix |
In Mozilla Bugzilla #93776, longsonr (longsonr) wrote : | #126 |
*** Bug 486875 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Kevin Brosnan (kbrosnan) wrote : | #127 |
*** Bug 496332 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Kevin Brosnan (kbrosnan) wrote : | #128 |
*** Bug 498437 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, longsonr (longsonr) wrote : | #129 |
*** Bug 509531 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Mobill-g (mobill-g) wrote : | #130 |
Maybe I'm dense but I don't see what autocomplete has to do with not recognizing cookies. If I go to www.netflix.com the first thing it tells me is my cookies are not enabled. I know this is wrong because my cookies have always been enabled and the problem started around Firefox 3.0.x when I had changed nothing. I suppose this duplicates some bug but I haven't a clue what it might be.
In Mozilla Bugzilla #93776, Jruderman (jruderman) wrote : | #131 |
It doesn't. longsonr got confused by the summary of bug 509531. I reopened it for you and gave it a slightly better summary.
Changed in firefox: | |
importance: | Unknown → Medium |
In Mozilla Bugzilla #93776, Mardeg (mardeg) wrote : | #132 |
*** Bug 833504 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #93776, Epinal99-bugzilla (epinal99-bugzilla) wrote : | #133 |
*** Bug 833504 has been marked as a duplicate of this bug. ***
over to password manager.