Insecure Login Lock Icon displayed for http://www.alexa.com/ due to hidden <input type="password">

UNCONFIRMED
Unassigned

Status

()

Toolkit
Password Manager: Site Compatibility
P3
normal
UNCONFIRMED
9 months ago
11 days ago

People

(Reporter: u564464, Unassigned)

Tracking

54 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

9 months ago
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0
Build ID: 20170220110209

Steps to reproduce:

http://www.alexa.com/siteinfo/google.com


Actual results:

Shows insecure login lock icon as if there is an insecure login on the page. Password fields console warnings are also displayed.


Expected results:

While this page itself is not secure, the "Log in" link on the page redirects to a page with a secure connection. Since there is no visible login on this unsecured page, I wasn't expecting Firefox to show the insecure login lock icon.

Furthermore, Chrome does not show its "Not Secure" warning in the address bar for this page.
(Reporter)

Updated

9 months ago
Component: Untriaged → Security
OS: Unspecified → All

Updated

9 months ago
Component: Security → Password Manager
Product: Firefox → Toolkit
the page contains 7 hidden INPUT elements with type="password".

Updated

9 months ago
Component: Password Manager → Password Manager: Site Compatibility
Hardware: Unspecified → All
Summary: False Positive Insecure Login Lock Icon in Location Bar → Insecure Login Lock Icon displayed for http://www.alexa.com/ due to hidden <input type="password">
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.