Closed Bug 1348673 Opened 8 years ago Closed 8 years ago

Insecure password connection false positive

Categories

(Core :: General, defect)

Product:
Core
Component:
General
Version:
52 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: kbass, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Build ID: 20170308204533 Steps to reproduce: The new FF52 has the password field security warning of 'This connection is not secure. Logins entered here could be compromised'... The problem is that my login entry form (located in a sidebar) POST's to an https URL and the password is NOT sent over an insecure connection. It seems the detection logic to trigger this panic inducing warning is not correct. When the website was developed, and again this morning, I verified using firebug as well as wireshark that the password was never sent over an insecure connection. Actual results: Got insecure popup at password focus and broken padlock icon in url bar. Expected results: Nothing - this is a false positive.
Group: core-security
Going to close this since after reading some mozilla blogs and such I doubt it will be fixed due to MITM arguments.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
Component: Untriaged → General
Group: core-security
You need to log in before you can comment on or make changes to this bug.