Closed
Bug 1217179
Opened 9 years ago
Closed 9 years ago
EV certs not marked on Firefox OS
Categories
(Firefox OS Graveyard :: Gaia::Browser, enhancement)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1168016
People
(Reporter: sjw+bugzilla, Unassigned)
Details
STR: Browse to a site using extended validated certificate (e.g. https://www.mozilla.org/). EV sites are marked different in all major desktop and mobile browsers. In Firefox OS EV sites are not marked different from normal https sites. Mostly banks/shops recommend something like 'look for the green url bar and the company name', but on Firefox OS you can't. So an attacker could create an https secured phishing site. Of course he could do this for any site, but important companies often pay an extra fee to get this 'advanced form' of security. For Firefox OS users (and I think Mozilla care about them) this fee is currently worthless. I think I already saw an UI spec for a doorhanger like we have it on desktop, but I think this is also security related topic.
Known feature that we are missing - we need a webAPI to expose cert security details before we can support this. See also the spec linked here: https://bugzilla.mozilla.org/show_bug.cgi?id=1015224#c9 Plan is to implement control center in FxOS to address this and related issues.
Group: b2g-core-security
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(ptheriault)
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•