Closed Bug 1067174 Opened 5 years ago Closed 5 years ago

Some SSL websites are considered untrusted when Firefox is started in a Windows child account


(Core :: Security, defect)

Windows 8.1
Not set



Tracking Status
firefox32 --- affected
firefox33 --- affected
firefox34 --- affected
firefox35 --- affected


(Reporter: kbrosnan, Unassigned)


(Whiteboard: Fixed by Microsoft update KB2965142)

Visiting , or all result in a untrusted connection error if the user starts Firefox in a Windows child account.

* open the Windows user account manager
* create a new child account
* switch to the new child account that was just created
* Launch Firefox
* browses to the websites listed above

This is not true of all SSL websites one can load , ,
Flags: firefox-backlog?
Not a recent regression tried a nightly from the Firefox 4 beta 3 timeframe and this issue still reproduced.
This is outside the responsibilities of fx-team (Core).
Flags: firefox-backlog?
Gian-Carlo, this bug came up today in the channel meeting and I want to make sure that your team is aware of it.   

Is there a way we can bring bugs to your attention or nominate them for escalation in some way similar to the process the firefox team uses?  (i.e. a particular flag or whiteboard tag) or is need-infoing a module owner or peer still the way to go? Thanks!
Flags: needinfo?(gpascutto)
Redirecting to more appropriate people. This sounds like like a permissions issue with NSS on restricted accounts.
Flags: needinfo?(sstamm)
Flags: needinfo?(gpascutto)
Flags: needinfo?(dkeeler)
Matt, adding you in case you want to track this or if it relates to your certificate-related testing.
Sorry it took a while to look into this. As far as I can tell, on Windows 8.1 child accounts, some connections are basically intercepted by the OS so they can be examined. Here's more information: (including some documentation that indicates it's a known issue that this doesn't work seamlessly with Firefox). See also
Flags: needinfo?(dkeeler)
Flags: needinfo?(sstamm)
Whiteboard: Fixed by Microsoft update KB2965142
I am very suspicious of this solution, adds the Microsoft Family Safety Certificate to the CA list. This allows Microsoft to man in the middle the middle Firefox users.
Closed: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1189110
You need to log in before you can comment on or make changes to this bug.