STR: Browse to a site using extended validated certificate (e.g. https://www.mozilla.org/). EV sites are marked different in all major desktop and mobile browsers. In Firefox OS EV sites are not marked different from normal https sites. Mostly banks/shops recommend something like 'look for the green url bar and the company name', but on Firefox OS you can't. So an attacker could create an https secured phishing site. Of course he could do this for any site, but important companies often pay an extra fee to get this 'advanced form' of security. For Firefox OS users (and I think Mozilla care about them) this fee is currently worthless. I think I already saw an UI spec for a doorhanger like we have it on desktop, but I think this is also security related topic.
Paul, whats your take on this?
Known feature that we are missing - we need a webAPI to expose cert security details before we can support this. See also the spec linked here: https://bugzilla.mozilla.org/show_bug.cgi?id=1015224#c9 Plan is to implement control center in FxOS to address this and related issues.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1168016
You need to log in before you can comment on or make changes to this bug.