This forum is a discussion about improving the "Insecure password warning in Firefox" article. If you'd like to participate, please register.

If you need help with Firefox, please ask a question.

[Fx52] (bug 1330152) Add info and/or screenshot for new Insecure login UI

  • 1 Replies
  • Last reply by AliceWyman
  1. AliceWyman 4914 posts
    Report Abuse

    Bug 1330152 - Insecure_passwords SUMO page needs to be updated to support new UI

    When you go to http://www.foxnews.com and click the LOGIN button (top-right) to enter a username and password, Firefox 52 Beta includes an insecure login message in the sign-in box:

    Image:Fx52-InsecureLogin-signin

    Fx52-InsecureLogin-signin

    Such a message DOES NOT appear in Firefox 51:

    Image:Fx51-InsecureLogin-signin

    Fx51-InsecureLogin-signin
    [https://bugzilla.mozilla.org/show_bug.cgi?id=1330152 Bug 1330152] - Insecure_passwords SUMO page needs to be updated to support new UI When you go to http://www.foxnews.com and click the LOGIN button (top-right) to enter a username and password, Firefox 52 Beta includes an insecure login message in the sign-in box: Image:Fx52-InsecureLogin-signin ;[[Image:Fx52-InsecureLogin-signin]] Such a message DOES NOT appear in Firefox 51: Image:Fx51-InsecureLogin-signin ;[[Image:Fx51-InsecureLogin-signin]]
  2. AliceWyman 4914 posts
    Report Abuse

    See also https://www.fxsitecompat.com/en-CA/docs/2017/insecure-login-forms-now-disable-autofill-show-warning-beneath-input-control/ (Quote)


    As part of the ongoing insecure HTTP deprecation, Firefox 51 has enabled the basic warning for insecure password input by default to show a broken padlock icon on the location bar whenever an <input type="password"> is found on a non-HTTPS page. Firefox 52 advances this security measure by disabling autofill on such insecure login forms and rather showing a more prominent contextual warning message just below the <input> element.

    Webmasters are strongly encouraged to move any form to an HTTPS page to let customers sign in safely and securely. In case you don’t know, Let’s Encrypt gives you a trusted SSL/TLS certificate for free. References Bug 1217152 - Flip prefs to disable login autofill on HTTP and enable the warning on insecure login fields


    Note that bug 1217152 is marked status-firefox52: affected → fixed

    See also https://www.fxsitecompat.com/en-CA/docs/2017/insecure-login-forms-now-disable-autofill-show-warning-beneath-input-control/ (Quote) ----- As part of the ongoing insecure HTTP deprecation, Firefox 51 has enabled the basic warning for insecure password input by default to show a broken padlock icon on the location bar whenever an ''<''input type="password"> is found on a non-HTTPS page. Firefox 52 advances this security measure by disabling autofill on such insecure login forms and rather showing a more prominent contextual warning message just below the ''<''input> element. Webmasters are strongly encouraged to move any form to an HTTPS page to let customers sign in safely and securely. In case you don’t know, Let’s Encrypt gives you a trusted SSL/TLS certificate for free. References [https://bugzilla.mozilla.org/show_bug.cgi?id=1217152 Bug 1217152] - Flip prefs to disable login autofill on HTTP and enable the warning on insecure login fields ----- Note that [https://bugzilla.mozilla.org/show_bug.cgi?id=1217152 bug 1217152] is marked '''status-firefox52: affected → fixed'''