Open Bug 1302188 Opened 8 years ago Updated 2 years ago

No Certificate Viewer Dialog for Inline Frame

Tracking

()

Status:

NEW

People

(Reporter: jacobshreffler, Unassigned)

Details

Jacob Shreffler

Reporter

Description

•

8 years ago

Sample page: the newegg.com checkout using payment method Visa Checkout. An iframe opens from a subdomain of visa.com with its own certificate distinct from the certificate of the parent newegg page.

Right clicking and clicking frame info for the iframe does not show a Security subtab as per Bug 149207. Nor does the Info dialog for the parent page allow the certificate of the iframe to be viewed. Certificate viewer or the Security tab can easily avoid misleading users by causing a message to be displayed that "This page may be insecure because it uses multiple certificates." FF is already potentially misleading users into thinking that their iframe input is being sent to the domain of the parent page, because the Security tab does not show the second Certificate.

Cross scripting concerns aside, FF users deserve to know whether they are actually using certificates from the merchant and the card network and also whether they are using any other certificates.

Jacob Shreffler

Reporter

Updated

•

8 years ago

Status: UNCONFIRMED → NEW

Ever confirmed: true

Daniel Veditz [:dveditz]

Updated

•

7 years ago

Severity: major → enhancement

Priority: -- → P3

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

No Certificate Viewer Dialog for Inline Frame

Categories

(Firefox :: Security, enhancement, P3)

Tracking

()

People

(Reporter: jacobshreffler, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated