Closed Bug 246919 Opened 20 years ago Closed 11 years ago

Security: Firefox switches between secure and insecure sites without useful warning

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: lsof, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040615 Firefox/0.9
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040615 Firefox/0.9

Firefox will switch between a secure website and a non-secure website without
warning.

Reproducible: Always
Steps to Reproduce:
1. Go to https://www.mail2web.com/
2. After the page has loaded, enter http://www.cnn.com/ in the Location bar

A warning will appear as the insecure site loads in the background. Wait a moment.

The warning says "You are about to leave an encrypted page.."

You have two options:
 1. Do not press OK. You don't want to leave the secure site.
 2. Don't press OK - you're not happy with leaving a secure site. There is no
Cancel button. Close the warning box.


Expected Results:  
Two improvements:
 1. Do not load the insecure site until the user has chosen what they want to do.
 2. Add a "Cancel" button to the warning dialog.
Summary: Security: Firefox switches between secure and insecure sites without warning → Security: Firefox switches between secure and insecure sites without useful warning
The notice is just a notification. In the case you suggested, clearly the user
wants to go to www.cnn.com, so it is just informing the user that www.cnn.com is
insecure. Adding a Cancel button would just present an unnessary choice to the user.

Wontfixing. Feel free to reopen if you can provide us with a good case for why
these changes would be useful, and maybe someone higher up the food chain will
decide to do this.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WONTFIX
> clearly the user wants to go to www.cnn.com
Not always true. You'll get the same behaviour if the website decides to send
you to an insecure site.

Try logging in to www.hotmail.com
Status: RESOLVED → UNCONFIRMED
Resolution: WONTFIX → ---
I second the original request. When I'm on public WLAN I try to use https in
order to keep my session/passwords safe and uncompromised. Then I get to a
section of the site or click on a link that is insecure - and Firefox warns me
about it, very cool! But what to do next? Basically, I have to abandon the
browser window to continue surfing, because right now there are no other
options. A "cancel" button would go a LONG way!
Assignee: bross2 → nobody
Does this mean this bug is finally going to be fixed?
I laugh every time I see Firefox touting itself as "the most secure browser."
This bug makes it the most *insecure* browser!

This dialog no longer appears following the STR in comment 0 - the secure connection data to the left of the URL bar is sufficient to convey the status of the connection to the user.
Status: NEW → RESOLVED
Closed: 20 years ago11 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.