Closed Bug 1341068 Opened 7 years ago Closed 2 years ago

Insecure Login Lock Icon displayed for http://www.alexa.com/ due to hidden <input type="password">

Categories

(Toolkit :: Password Manager: Site Compatibility, defect, P3)

Product:
Toolkit
Component:
Password Manager: Site Compatibility
Version:
54 Branch
Type:
defect

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: u564464, Unassigned)

References

(
URL
)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0
Build ID: 20170220110209

Steps to reproduce:

http://www.alexa.com/siteinfo/google.com


Actual results:

Shows insecure login lock icon as if there is an insecure login on the page. Password fields console warnings are also displayed.


Expected results:

While this page itself is not secure, the "Log in" link on the page redirects to a page with a secure connection. Since there is no visible login on this unsecured page, I wasn't expecting Firefox to show the insecure login lock icon.

Furthermore, Chrome does not show its "Not Secure" warning in the address bar for this page.
Component: Untriaged → Security
OS: Unspecified → All
Component: Security → Password Manager
Product: Firefox → Toolkit
the page contains 7 hidden INPUT elements with type="password".
URL: http://www.alexa.com/siteinfo/google.com
Component: Password Manager → Password Manager: Site Compatibility
Hardware: Unspecified → All
Summary: False Positive Insecure Login Lock Icon in Location Bar → Insecure Login Lock Icon displayed for http://www.alexa.com/ due to hidden <input type="password">
Priority: -- → P3

Site is now https and will be unavailable from March 1st, too

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.