Closed Bug 220684 Opened 21 years ago Closed 21 years ago

major https sites showing certificate warning

Categories

(Core Graveyard :: Security: UI, defect)

Product:
Core Graveyard
Component:
Security: UI
Version:
Other Branch
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: jmd, Assigned: ssaux)

Details

Best Buy, a huge electronics chain in the US, uses HRS as their credit card
management company. Following the links to log in from bestbuy.com gets you to
  https://www.hrsaccount.com
Which gives an SSL warning with both 0.7rc and trunk builds of Firebird. When I
view the certificate details, I don't see anything wrong with it. (Experation
date, host name, issuer...) I tried on a Windows PC with IE, and did not get any
error or warning about the cert.

Previously (maybe a week ago) I saw another prominent site that gave me a cert
warning with Firebird as well. At the time I didn't think anything of it, but
now there is obviously something more than a webadmin screwup at work here.

Best Buy's credit card site used to work for me fine with Firebird until just
recently. Their certificate does not appear to be new.

This should be a release blocker. At least until someone can determine the exact
cause. (The new warning popup doesn't list what the error actually is, just a
bunch of possibilities (what are we, IE?), so I can't diagnose further)
blocker nomination. I can not pay my credit card with 0.7rc.
Flags: blocking1.6a?
Flags: blocking1.5?
Also seeing this with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5)
Gecko/20030916 -> removing Firebird reference

Its a certificate warning, everything works if you accept the certificate, so
its an annoyance at worst, unless someone is actually posing as
https://www.hrsaccount.com, in which case its not a bug in Mozilla anyway....
Summary: major https sites showing certificate warning in Firebird → major https sites showing certificate warning
Flags: blocking1.5?
I'm still seeing this with Firebird 0.7 official release on Win98.  So far, the
certificates are all Verisign.  Certificates from other authorities do seem to
be recognised.  Worrying.  FWIW, IE6 accepts the certificate with no warnings.
No problem with older mozilla.  I don't get any warnings.
Not a regression in NSS.  

What warning are you seeing exactly?  Do you still see it?

WORKSFORME Mozilla 1.6 MacOS 10.3.2
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → WORKSFORME
Product: PSM → Core
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.