Closed Bug 1067174 Opened 5 years ago Closed 5 years ago

Some SSL websites are considered untrusted when Firefox is started in a Windows child account

Categories

(Core :: Security, defect)

x86_64
Windows 8.1
defect
Not set

Tracking

()

RESOLVED DUPLICATE of bug 1189110
Tracking Status
firefox32 --- affected
firefox33 --- affected
firefox34 --- affected
firefox35 --- affected

People

(Reporter: kbrosnan, Unassigned)

Details

(Whiteboard: Fixed by Microsoft update KB2965142)

Visiting https://www.facebook.com , https://www.google.com or https://www.yahoo.com all result in a untrusted connection error if the user starts Firefox in a Windows child account.

STR:
* open the Windows user account manager
* create a new child account
* switch to the new child account that was just created
* Launch Firefox
* browses to the websites listed above

This is not true of all SSL websites one can load https://www.mozilla.org , https://www.microsoft.com , https://www.ebay.com
Flags: firefox-backlog?
Not a recent regression tried a nightly from the Firefox 4 beta 3 timeframe and this issue still reproduced.
This is outside the responsibilities of fx-team (Core).
Flags: firefox-backlog?
Gian-Carlo, this bug came up today in the channel meeting and I want to make sure that your team is aware of it.   

Is there a way we can bring bugs to your attention or nominate them for escalation in some way similar to the process the firefox team uses?  (i.e. a particular flag or whiteboard tag) or is need-infoing a module owner or peer still the way to go? Thanks!
Flags: needinfo?(gpascutto)
Redirecting to more appropriate people. This sounds like like a permissions issue with NSS on restricted accounts.
Flags: needinfo?(sstamm)
Flags: needinfo?(gpascutto)
Flags: needinfo?(dkeeler)
Matt, adding you in case you want to track this or if it relates to your certificate-related testing.
Sorry it took a while to look into this. As far as I can tell, on Windows 8.1 child accounts, some connections are basically intercepted by the OS so they can be examined. Here's more information: http://support.microsoft.com/kb/2965142/en-us (including some documentation that indicates it's a known issue that this doesn't work seamlessly with Firefox). See also https://support.mozilla.org/en-US/questions/1006320
Flags: needinfo?(dkeeler)
Flags: needinfo?(sstamm)
Whiteboard: Fixed by Microsoft update KB2965142
I am very suspicious of this solution, http://support.microsoft.com/kb/2965142/ adds the Microsoft Family Safety Certificate to the CA list. This allows Microsoft to man in the middle the middle Firefox users.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1189110
You need to log in before you can comment on or make changes to this bug.