MozillaZine

Insecure logins

User Help for Mozilla Firefox
coolmanoh
 
Posts: 86
Joined: November 17th, 2005, 10:38 pm

Post Posted June 14th, 2017, 12:09 pm

When I attempted to log in to the mozillaZine forum I got a warning: "[color=#800000]This connection is not secure. Logins entered here could compromised. Learn more." /color] "Learn more" suggested typing https:// before the URL. Doing this results in an "Unable to connect" message. This is the very first time I ever got this warning.

DanRaisch
Moderator

User avatar
 
Posts: 117396
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Post Posted June 14th, 2017, 12:31 pm

Moving to Firefox Support as this is not a Thunderbird issue.

MarkRH

User avatar
 
Posts: 1153
Joined: September 12th, 2007, 2:30 am
Location: Oklahoma City, OK

Post Posted June 14th, 2017, 3:18 pm

Read this thread: viewtopic.php?f=38&t=3028500

Basically Firefox now warns when sending passwords over http connections. You can turn off this warning with about:config changes. Nothing has changed really, it just tosses out a warning now.

Happy112

User avatar
 
Posts: 364
Joined: April 15th, 2017, 10:25 am
Location: Never-Never-Land

Post Posted June 14th, 2017, 10:39 pm

@coolmanch :

If you really don't want to see these warnings again, you can turn them off in about:config, like MarkRH already said :

Type in the address bar 'about:config' (without the quoation marks)
(promise to be careful, is asked)
Type and search for the following two preferences :
'security.insecure_field_warning.contextual.enabled' (without the quotation marks)
and :
'security.insecure_password.ui.enabled' (without the quotation marks)
and set both values to 'false'.

Would you first take a look at this article, please ?

https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/
You can keep your diamonds - they're just shiny stones; love is the only precious thing and doesn't cost a dime.

coolmanoh
 
Posts: 86
Joined: November 17th, 2005, 10:38 pm

Post Posted June 16th, 2017, 9:16 am

My concern is not about the message itself; it's about the fact that if you click on "Read more" you get instructions to put "https://" before the URL.When I did that I got an "Unable to connect" message.

dfoulkes

User avatar
 
Posts: 22114
Joined: June 28th, 2008, 10:31 pm
Location: Mesquite, Nevada

Post Posted June 16th, 2017, 9:30 am

That is because Mozillazine does not support https.... the https stuff is normally associated with high secured sites... like banks etc... this site does not need that... just do what Happy112 said.
As you can see she's (The CAT) always alert and on the prowl for Meoware !!

LoveMyFoxy

User avatar
 
Posts: 1847
Joined: December 11th, 2009, 11:23 am
Location: USA

Post Posted June 16th, 2017, 11:40 pm

That's why Happy112 is happy.

So HTTPS Everywhere does what with sites that don't have the "S"? Refuses to connect you? Would it negate the 2 about:configs I just did?
Desktop--Win 7 Ult. 64, 6GB RAM /FF ESR / Thunderbird 52 / Chrome /Opera / Avira A-V / Windows firewall / Verizon FIOS

Happy112

User avatar
 
Posts: 364
Joined: April 15th, 2017, 10:25 am
Location: Never-Never-Land

Post Posted June 17th, 2017, 12:34 am

coolmanoh wrote:My concern is not about the message itself; it's about the fact that if you click on "Read more" you get instructions to put "https://" before the URL.When I did that I got an "Unable to connect" message.


If it's not the warning itself that's bothering you - then just ignore my previous post.
What's important though : does this happen on MozillaZine only ?
If so, then what dfoulkes said is true : you don't need to change it to 'https' on this site.
If, however, you get this on other sites as well, then you could go to about:config and set the value of the following preference to 'false' : 'browser.urlbar.autoFill' (without the quotation marks).
You can keep your diamonds - they're just shiny stones; love is the only precious thing and doesn't cost a dime.

phkhgh
 
Posts: 807
Joined: January 25th, 2007, 2:49 pm
Location: So. U.S.A.

Post Posted June 29th, 2017, 2:16 pm

dfoulkes wrote: Mozillazine does not support https.... the https stuff is normally associated with high secured sites... this site does not need that...


Just a thought...
Nothing to do w/ OP's original question, but a very significant number of "low security" sites, like forums, now use https. At least on login pages.
1) HTTPS is unimportant on a Mozillazine type sites, if you don't care about hackers stealing your login data; then posing as you; or don't mind them stealing your email address, even if they can't login;
...if it's not a forum where you're discussing personal issues, and say an abusive ex-spouse or stalker sniffs your PW, then reads all of your comments;
...for non-technical or lazy or "it'll never happen to me" type users that still use one PW for many sites, stolen PWs are big trouble.

2) I see more & more people asking "typical" site operators to add https - at least for login, and more sites complying.

LoveMyFoxy

User avatar
 
Posts: 1847
Joined: December 11th, 2009, 11:23 am
Location: USA

Post Posted June 29th, 2017, 10:43 pm

error
Desktop--Win 7 Ult. 64, 6GB RAM /FF ESR / Thunderbird 52 / Chrome /Opera / Avira A-V / Windows firewall / Verizon FIOS

Return to Firefox Support


Who is online

Users browsing this forum: AlbertG, Reflective and 13 guests