Closed Bug 1348793 Opened 7 years ago Closed 7 years ago

Wrong insecure connection indicator on frameset/iframe

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Version:
52 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1334760

People

(Reporter: patrizio.gagliardi, Unassigned)

Details

Attachments

(1 file)

bug.jpg
213.81 KB, image/jpeg
Details
Attached image bug.jpg 
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20170302120751

Steps to reproduce:

In a web application we forced HTTPS connection in login pages and in the change password page but this one is inside a frameset where the frameset page can be loaded without an SSL connection. The change password page is loaded only via https and posts to a page that accepts connections only via https.


Actual results:

The version 52 of Firefox marks as unsecure the data written inside the change password page, although this is loaded via SSL. This doesn't happen if the entire frameset is loaded via SSL.


Expected results:

I expected that the browser didn't mark the data insertion as insecure, because both the form page and the form target are loaded via SSL. The attached image shows the issue (all logos and infos are removed for privacy issues).
Login form served in iframe through SSL on unsecure (HTTP) website is unsafe, see bug 1334760.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: