Open
Bug 1302188
Opened 8 years ago
Updated 2 years ago
No Certificate Viewer Dialog for Inline Frame
Categories
(Firefox :: Security, enhancement, P3)
Firefox
Security
Tracking
()
NEW
People
(Reporter: jacobshreffler, Unassigned)
Details
Sample page: the newegg.com checkout using payment method Visa Checkout. An iframe opens from a subdomain of visa.com with its own certificate distinct from the certificate of the parent newegg page. Right clicking and clicking frame info for the iframe does not show a Security subtab as per Bug 149207. Nor does the Info dialog for the parent page allow the certificate of the iframe to be viewed. Certificate viewer or the Security tab can easily avoid misleading users by causing a message to be displayed that "This page may be insecure because it uses multiple certificates." FF is already potentially misleading users into thinking that their iframe input is being sent to the domain of the parent page, because the Security tab does not show the second Certificate. Cross scripting concerns aside, FF users deserve to know whether they are actually using certificates from the merchant and the card network and also whether they are using any other certificates.
Reporter | ||
Updated•8 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Updated•7 years ago
|
Severity: major → enhancement
Priority: -- → P3
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•