The Firefox/Mozilla Thread

So this is what I am seeing:

https://support.mozilla.org/t5/Protect-your-privacy/Insecure-password-warning-in-Firefox/ta-p/27861

FFx 52 is not just blocking HTTP sites either, it's also blocking HTTPS sites.

But as I say, funny that they are all vBulletin based forums.

(EDIT: Just found it doing the same with a Xenforo based forum, but Xenforo is also a development of VB).

I have managed to login to some of my favourites now, but it's a PITA I could do without.

(You have to click on the username shown in the warning, you can't even enter it by hand).

And just to double check I tried a site that I know is an "insecure" HTTP, my council website where I have an account.

No problem with my saved name and 2 levels of passwords there, all filled in automatically.

So it seems that this new 'Security Measure' is not blocking all HTTP like it says it will, but it is blocking all vBulletin even when they are HTTPS.

Anyway - Since when did Mozilla become the Internet Police?

Remember we are talking about Fora here, it's not like we will be entering credit card details or anything.

I'm off to do some more research, and maybe complain to Mozilla.

Sounds like a pain. And exactly the sort of thing that's making me hold off updating, at least till the inevitable 0.1 bugfix release anyway.

It seems like this behaviour has been intended, and has been being worked on, for a while.

It is not regarded as a bug by the developers, but as a 'good thing'.

So don't expect it to be changed unless they start to get a LOT of complaints.

OK, I can sort of see the point of it, for users who don’t know the risks, but why force it on all users without any warning, and with no easy way to turn it off?

The password field warning bit itself is not too bad.

But blocking the associated autofill passwords within forms is a pain for me. (and quite a few others from what I have been reading).

Instead of 2 clicks to login to my favourite forums it's now taking 5 or 6, and maybe some typing.

Anyway I have found (some of) the Firefox config. settings to disable this behaviour and am playing about with them.

Trouble is I keep running out of login attempts on VB forums and having to wait 15 mins for them to reset. LOL.

And of course not everybody is going to be comfortable with going into the config. settings, as the warning page says "Here be Dragons".

Well I've now fiddled with the Firefox config. settings and got the auto filling of login forms working again for all my vBulletin and Xenforo sites except one.

That one may be doing something slightly different because it is the one where I am a Super Moderator.

I'm still getting the warnings but I can live with that for now.

I tried turning them off in config. but that just blocked logins altogether again.

And yes I have sent some snotty feedback to Mozilla.

nukecad where did you get FF52 from?

Firefox has a bug with some HTTPS sites such as giving a warning and can't load them like the Slax Linux site where it states the certificate was revoked and whatnot whereas a Chrome-based browser loads it fine. Unfortunately for those sites another browser has to be used.

now i know why i found similar problem with other site

https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/

nukecad where did you get FF52 from?

I got it direct from Mozilla, when Firefox came up with the usual upgrade popup and I clicked on the 'Upgrade Now' button.

Like I said above I've got the autofill of usernames and passwords in forms working now by going to about:config and toggling 'signon.autofillForms.http' from false to true.

The actual warning notice itself and the blocking seem to be controlled by 'security.insecure_field_warning.contextual.enabled' and 'security.insecure_password.ui.enabled'.

However if I toggle these to false to get rid of the warnings then logins are blocked altogether.

(I suspect that this is intentional - either warning or blocked altogether).

Even odder-

The one site that I reported as still being blocked seems to have had the password changed at the forum itself.

Once I did the 'Forgotten Password' thing to get a new password I was able to login to it with that new password, and to change it back to my previous, saved password.

It now logs in from Firefox with that previously saved password again.

This is a bit incredible to say the least and I'm not sure just how Firefox could even have done that.

I am still investigating that one with the forum administrator there, he should be able to retrieve any password changes made to check if Firefox did somehow manage to change the password. I certainly hadn't.

I suspect though that it is something deeper, I should also have not been able to reset it to a previously used password, the forum software will not allow that.

(I mod there, so I login to that site 2 or 3 times daily using the password saved in Firefox some time ago).

I'd probably choose a completely new and different password in the event that forum was hacked and your password was changed that way.

Always good advice.

But we are pretty sure that this was not from a third party, and that it is something that Mozilla did in the update.

Finding evidence of that is a different question.

No way am I trying to call Mozilla names for this. (Unless we can find evidence).

Obviously we have stopped Mod (and all other) privileges on that account and are keeping an eye on any future login attempts.

Just a bit of a pain when you have 12 years plus posts from the account.

Like I said above I've got the autofill of usernames and passwords in forms working now by going to about:config and toggling 'signon.autofillForms.http' from false to true.

Thanks for that tip. I just changed my 2 systems. Firefox updated itself without my knowledge yesterday, apparently. When I booted the system this morning, I saw the password problems talked about here. Glad I read these posts yesterday so I knew what was going on.

I've often seen on various websites over the years to not allow Firefox to remember logins and passwords, but to instead use an external program for it.

Thanks for that tip. I just changed my 2 systems. Firefox updated itself without my knowledge yesterday, apparently. When I booted the system this morning, I saw the password problems talked about here. Glad I read these posts yesterday so I knew what was going on.

Good to hear that I'm not the only one who saw this as a problem, and great that toggling the setting worked for you as well.

My real beef was that Mozilla pushed this out without any warning to users who are not in their insider/development/beta club.

They didn't even mention it in the original release notes.

They have added it now but it still doesn't say that it will totally block some logins, just that it will display a warning.

PS. you might want to change your Firefox update settings to 'Check for updates' instead of 'Automatically install updates'.

PPS. That one where it had seemed to change the password at the forum gets even stranger.

The password had not been changed at all, but for some reason Firefox wouldn't let me login there until I changed the password and changed it back again.

Guess we'll never track down what caused that, and will just chalk it up as a WTF?

i will wait for update 52.0.1 or 0.2 or so

v52 is the last update for xp and vista

They moved to ESR, and that's what Firefox 51.01 will download and install. I didn't have to jump through hoops to get ESR enabled, I just grabbed the PortableApps.com version here and then cut+paste my profile into it and it's working good.

i will wait for update 52.0.1 or 0.2 or so

This Password warning/blocking behaviour will not change.

(The warning message/pop-up itself may change slightly, and the vBulletin HTTPS issue may be fixed).

But overall this warning/blocking is an intended feature and not a bug, so as far as Mozilla are concerned there is nothing to be 'fixed' and it will remain.

Well it took a couple of days longer than I bet it would, but 52.0.1 update released (though I'll let them off with this minor version update as it's purely a security fix, not the usual bugfix): https://www.mozilla.org/en-US/firefox/52.0.1/releasenotes/

FF 52.0.1 was released because of FF being 'owned' in this year's Pwn2Own contest.

https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/

The end date is set to September 2017, but Mozilla has said they will do a count of all their XP/Vista users in the summer and see if it is worth extending the support date.