Closed Bug 1217179 Opened 9 years ago Closed 9 years ago

EV certs not marked on Firefox OS

Categories

(Firefox OS Graveyard :: Gaia::Browser, enhancement)

ARM
Gonk (Firefox OS)
enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1168016

People

(Reporter: sjw+bugzilla, Unassigned)

Details

STR: Browse to a site using extended validated certificate (e.g. https://www.mozilla.org/).

EV sites are marked different in all major desktop and mobile browsers.
In Firefox OS EV sites are not marked different from normal https sites.

Mostly banks/shops recommend something like 'look for the green url bar and the company name', but on Firefox OS you can't.
So an attacker could create an https secured phishing site. Of course he could do this for any site, but important companies often pay an extra fee to get this 'advanced form' of security. For Firefox OS users (and I think Mozilla care about them) this fee is currently worthless.

I think I already saw an UI spec for a doorhanger like we have it on desktop, but I think this is also security related topic.
Paul, whats your take on this?
Flags: needinfo?(ptheriault)
Known feature that we are missing - we need a webAPI to expose cert security details before we can support this. See also the spec linked here: https://bugzilla.mozilla.org/show_bug.cgi?id=1015224#c9

Plan is to implement control center in FxOS to address this and related issues.
Group: b2g-core-security
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(ptheriault)
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.