User Agent: Mozilla/5.0 (X11; Linux i686; rv:41.0) Gecko/20100101 Firefox/41.0 Build ID: 20151014143721 Firefox for Android Steps to reproduce: 1. Load a web page that has a HPKP certificate pin 2. Change the SSL certificate on the web server so it doesn't match the HPKP certificate sent to Firefox for Android in step 1. 3. Reload the web page, a security error message must be shown. 4. Close Firefox mobile via the task switcher so it is removed from memory 5. Open Firefox mobile again 6. Load page again, a security error message must be shown Actual results: In step 6. the web page is loaded without a certificate error message which means the HPKP PIN for the page was not stored across a Firefox mobile restart. Expected results: The security error message should have been shown again and the user should have been denied access to the page. (Note: This works correctly in Firefox on the PC so it is a Firefox for Android problem!)
Severity: normal → major
Component: Untriaged → General
OS: Unspecified → Android
Priority: -- → P2
Product: Firefox → Firefox for Android
Version: 41 Branch → Firefox 41
Hello Martin, Can you please provide a web page that has a HPKP certificate pin? Also, is this issue still reproducible to you? If you manage to reproduce it, please mention what device, android version and build you used. Regards, Andrei
Due to the lack of additional info, I'll close this issue as Incomplete. If someone can provide more information regarding this issue, please feel free to reopen it, thanks.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 months ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.