Closed
Bug 1204330
Opened 9 years ago
Closed 6 years ago
SSL/TLS cert of seamonkey-project.org broken and https page redirects directly to mozilla.org
Categories
(SeaMonkey :: Website, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: adriank, Unassigned)
Details
This applies to https://seamonkey-project.org/ as well as https://www.seamonkey-project.org/: The site's certificate is not intended for the domain ("ssl_error_bad_cert_domain") - the cert is only valid for "static-san.mozilla.org, addons.mozilla.com, autoconfig-live.mozillamessaging.com, autoconfig.thunderbird.net, broker-live.mozillamessaging.com, live.mozillamessaging.com, live.thunderbird.net, nightly.mozilla.org, getfirefox.com, www.getfirefox.com, opensearch-live.mozillamessaging.com, dnt.mozilla.org, support.live.mozillamessaging.com, firefox.com, www.firefox.com, gaming.mozillalabs.com, apps.mozillalabs.com, webmaker.mozillalabs.com, support.mozillamessaging.com, heatmap.mozillalabs.com, videos-cdn.mozilla.net, videos.mozilla.org, planet.mozilla.org, publicsuffix.org, www.publicsuffix.org, static.mozilla.com, mozilla.com, www.mozilla.com, activations.mozilla.com, activations.mozilla.org, firefoxflicks.com, www.firefoxflicks.com, aurora.mozilla.org, beta.mozilla.org, pontoon.mozillalabs.com, sso.mozilla.com, openstandard.tv, openstandard.org, openstandard.com, theopenstandard.org, theopenstandard.net, www.openstandard.tv, www.openstandard.org, www.openstandard.com, www.theopenstandard.org, www.theopenstandard.net, contribute.mozilla.org, gameon.mozilla.org, www.bugzilla.org, crash-stats.mozilla.org, shapeoftheweb.mozilla.org, shapeoftheweb.com, shapeoftheweb.org, bugzilla.org, firefoxflicks.org, www.firefoxflicks.org, friends.mozilla.org, firefoxosbrand.com, viewsourceconf.com, content.mozilla.org, tlscanary.mozilla.org, viewsourceconf.org, trackertest.org, itisatracker.org, itisatracker.com" When accepting the certificate regardless of the warning, one gets redirected to https://www.mozilla.org/ !
Comment 1•9 years ago
|
||
I see this too. The SeaMonkey site cas still be accessed as http://www.seamonkey-project.org/, thus bypassing the certificate check. But of course the page is not crypted then, and malignant third parties (if any) can see it.
Comment 2•9 years ago
|
||
P.S. https://blog.seamonkey-project.org/ does _not_ suffer from this bug.
Similarly, when clicking on "Download Now" from the home-page (using FireFox): download.cdn.mozilla.net uses an invalid security certificate. The certificate is only valid for the following names: a248.e.akamai.net, *.akamaihd.net, *.akamaihd-staging.net, *.akamaized.net, *.akamaized-staging.net (Error code: ssl_error_bad_cert_domain) Somewhat worrisome: with all the fuss about security, this is definitely keeping potential (lambda) users away from Mozilla products.
Comment 4•7 years ago
|
||
(In reply to Tony Mechelynck [:tonymec]. (NEEDINFO me if you want my attention) from comment #1) > I see this too. > > The SeaMonkey site cas still be accessed as > http://www.seamonkey-project.org/, thus bypassing the certificate check. But > of course the page is not crypted then, and malignant third parties (if any) > can see it. Get support and directly
Comment 5•6 years ago
|
||
Is this bug still relevant? Going to https://www.seamonkey-project.org, and https://seamonkey-project.org both takes me to https://www.seamonkey-project.org/. Or did I misunderstand somewhere?
Updated•6 years ago
|
Product: Websites → SeaMonkey
Comment 6•6 years ago
|
||
As of a few days ago, I've been experiencing a similar problem with HTTPS requests to www.seamonkey-project.org (but not blog.seamonkey-project.org). The error message I get is slightly different so I've opened it as a new issue: Bug 1492430. If it really is a recurrence of this problem, though, feel free to close it as a duplicate. (BTW, what is the proper product and component for SeaMonkey website bugs? Is it Websites->SeaMonkey or SeaMonkey->Website?)
Comment 7•6 years ago
|
||
(In reply to Tristan Miller from comment #6) > As of a few days ago, I've been experiencing a similar problem with HTTPS > requests to www.seamonkey-project.org (but not blog.seamonkey-project.org). > The error message I get is slightly different so I've opened it as a new > issue: Bug 1492430. If it really is a recurrence of this problem, though, > feel free to close it as a duplicate. If you do encounter something, please do a screen cap and post it here. (Make sure you desensitize anything you don't want to be viewed publicly). > > (BTW, what is the proper product and component for SeaMonkey website bugs? > Is it Websites->SeaMonkey or SeaMonkey->Website?) It'd be SeaMonkey->Website. Thanks
Comment 8•6 years ago
|
||
(In reply to Edmund Wong (:ewong) from comment #7) > If you do encounter something, please do a screen cap and post it here. > (Make sure you desensitize anything you don't want to be viewed publicly). The exact error message (from wget) is already posted on the other bug report (which someone else has now confirmed). > > (BTW, what is the proper product and component for SeaMonkey website bugs? > > Is it Websites->SeaMonkey or SeaMonkey->Website?) > > It'd be SeaMonkey->Website. OK. For future reference, what is the Websites->SeaMonkey component for, then?
Comment 9•6 years ago
|
||
(In reply to Tristan Miller from comment #8) > (In reply to Edmund Wong (:ewong) from comment #7) > > If you do encounter something, please do a screen cap and post it here. > > (Make sure you desensitize anything you don't want to be viewed publicly). > > The exact error message (from wget) is already posted on the other bug > report (which someone else has now confirmed). Thanks Will take a gander. > > > > (BTW, what is the proper product and component for SeaMonkey website bugs? > > > Is it Websites->SeaMonkey or SeaMonkey->Website?) > > > > It'd be SeaMonkey->Website. > > OK. For future reference, what is the Websites->SeaMonkey component for, > then? It was for our website when it was hosted with Mozilla. Now that we host it ourselves, we've moved it to our own (for lack of a better phrase) product line.
Comment 10•6 years ago
|
||
Is this bug still relevant?
Comment 11•6 years ago
|
||
I can't reproduce it myself.
Comment 12•6 years ago
|
||
This has been solved with bug 1492430
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•