Closed Bug 1331112 Opened 7 years ago Closed 7 years ago

Spurious "This connection is not secure" warning when logging in to www.nab.com.au?

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Version:
29 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1329940

People

(Reporter: n.nethercote, Unassigned)

Details

I'm using Nightly 53.

Steps to reproduce:

- Visit www.nab.com.au/

- Click "Login" at the top right, then choose "Internet Banking" A new window is opened, with the URL https://ib.nab.com.au/nabib/index.jsp, containing the login form.

- Focus on the "NAB ID" form in the new window. Firefox shows this message: "This connection is not secure. Logins entered here could be compromised."

- Click on the green lock icon in the address bar, which is accompanied by "National Australia Bank Limited (AU)".  The dropdown box says "Secure connection" but also says "Logins entered on this page could be compromised."

- When I follow the same steps in Chrome (up to clicking on the green lock) it says "Secure connection" and "Your information (for example, passwords or credit card numbers) is private when it is sent to this site".

Talk about mixed messages! Is Firefox's warning wrong here? I am confused, which is not what I want when accessing my internet banking :(

Also note that I access this site regularly with Nightly (at least once per month) and I haven't seen this warning before. The site hasn't obviously changed, though its code obviously may have.
This is because the secure site is opened by an HTTP page and has an insecure window.opener reference. Discussion around what the best messaging could be is happening in bug 1329940.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.