Closed Bug 1390645 Opened 7 years ago Closed 7 years ago

Insecure login warning on http://listjs.com/ with no visible logins present

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Version:
55 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1334760

People

(Reporter: 13hurdw, Unassigned)

References

(
URL
)

Details

To reproduce:
http://listjs.com/

Expected:
Does not show insecure login warning icon in location bar.

Actual:
Insecure login warning lock icon is displayed in left section of location bar.

The insecure login warning is not displayed in Private Browsing mode with tracking protection enabled, so it looks like there is a login frame somewhere that is causing the insecure warning. The Twitter follow button is not visible with tracking protection so that may be the culprit.

FWIW, Chrome does not display the Not Secure message on this site.

This may be a duplicate of Bug 1334760 but I wanted to report it just in case.
Yes, it does appear to be an instance of bug 1334760. I didn't see this problem at first so I assume that if you are already logged in to Twitter their hidden frame doesn't have a login field, but it was easy to reproduce with a fresh testing profile. If you aren't logged in and click the "follow" button you get a secure pop-up to do the login, so I'm not sure why Twitter needed to have the password field in their iframe.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.