Closed Bug 1341068 Opened 8 years ago Closed 3 years ago

Insecure Login Lock Icon displayed for http://www.alexa.com/ due to hidden <input type="password">

Categories

(Toolkit :: Password Manager: Site Compatibility, defect, P3)

54 Branch
defect

Tracking

()

RESOLVED INCOMPLETE

People

(Reporter: u564464, Unassigned)

References

()

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0 Build ID: 20170220110209 Steps to reproduce: http://www.alexa.com/siteinfo/google.com Actual results: Shows insecure login lock icon as if there is an insecure login on the page. Password fields console warnings are also displayed. Expected results: While this page itself is not secure, the "Log in" link on the page redirects to a page with a secure connection. Since there is no visible login on this unsecured page, I wasn't expecting Firefox to show the insecure login lock icon. Furthermore, Chrome does not show its "Not Secure" warning in the address bar for this page.
Component: Untriaged → Security
OS: Unspecified → All
Component: Security → Password Manager
Product: Firefox → Toolkit
the page contains 7 hidden INPUT elements with type="password".
Component: Password Manager → Password Manager: Site Compatibility
Hardware: Unspecified → All
Summary: False Positive Insecure Login Lock Icon in Location Bar → Insecure Login Lock Icon displayed for http://www.alexa.com/ due to hidden <input type="password">
Priority: -- → P3

Site is now https and will be unavailable from March 1st, too

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.