Closed Bug 1361288 Opened 8 years ago Closed 8 years ago

The Advanced button from the "Unable to Connect Securely" neterror page is not working

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED
Milestone:
Firefox 55
Tracking Flags:
Tracking Status
firefox-esr52 --- unaffected
firefox53 --- unaffected
firefox54 --- verified
firefox55 --- verified

People

(Reporter: emilghitta, Assigned: emk)

References

Details

(Keywords: regression)

Attachments

(2 files)

Neterror.gif
216.00 KB, image/gif
Details
Bug 1361288 - Remove vestigial reference to advancedLongDesc and hide advancedButton for SSLv3 erros.
59 bytes, text/x-review-board-request
johannh
: review+
gchang
: approval-mozilla-beta+
Details
Attached image Neterror.gif
[Affected versions]: Firefox 54.0b4 (Build Id:20170501133120) Firefox 55.0a1 (Build Id:20170501030204) [Unaffected versions]: Firefox 53.0 (Build Id:20170413192749) [Affected platforms]: Windows 10 64bit. Mac 10.11.6. Ubuntu 16.04 32bit. [Steps to reproduce]: 1.Launch Firefox. 2.Access the https://sslv3.mozqa.com/ webpage. 3.Click on the “Advanced” button. 4.Observe that the “Advanced” button is not working. [Expected result]: The Advanced button is working and the “sslv3.mozqa.com uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe. Advanced info: SSL_ERROR_UNSUPPORTED_VERSION” message is displayed. [Actual result]: The “Advanced” button is not working. [Regression range]: This seems to be a regression: Last good revision: f4f374622111022d41dd8d5eb9220624135c534a First bad revision: 64b970234605f682457ada10cd523608861d6864 Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=f4f374622111022d41dd8d5eb9220624135c534a&tochange=64b970234605f682457ada10cd523608861d6864 [Additional Information]: Please observe the attached video for more details.
Hi emk, I think bug 1321778 broke this. You probably removed a bit too much of the weak crypto stuff on aboutNetError.xhtml. :) Would you have time to take a look at this? Thanks!
Blocks: 1321778
Component: General → Security
Flags: needinfo?(VYV03354)
Assignee: nobody → VYV03354
Status: NEW → ASSIGNED
Flags: needinfo?(VYV03354)
Comment on attachment 8863728 [details] Bug 1361288 - Remove vestigial reference to advancedLongDesc and hide advancedButton for SSLv3 erros. https://reviewboard.mozilla.org/r/135502/#review138760 Sounds fine to me :)
Attachment #8863728 - Flags: review?(jhofmann) → review+
Pushed by VYV03354@nifty.ne.jp: https://hg.mozilla.org/integration/autoland/rev/c0f6afd83308 Remove vestigial reference to advancedLongDesc and hide advancedButton for SSLv3 erros. r=johannh
https://hg.mozilla.org/mozilla-central/rev/c0f6afd83308
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox55: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 55
Please request Beta approval on this when you get a chance.
status-firefox-esr52: --- → unaffected
Flags: needinfo?(VYV03354)
Comment on attachment 8863728 [details] Bug 1361288 - Remove vestigial reference to advancedLongDesc and hide advancedButton for SSLv3 erros. Approval Request Comment [Feature/Bug causing the regression]: 1321778 [User impact if declined]: Users will be confused by a non-working button. [Is this code covered by automated tests?]: No, manually tested. [Has the fix been verified in Nightly?]: Yes. [Needs manual test from QE? If yes, steps to reproduce]: Probably this is already a part of manual QA. See comment #0 in this bug. [List of other uplifts needed for the feature/fix]: none [Is the change risky?]: No. [Why is the change risky/not risky?]: This change will simply remove a button in an unusual case. [String changes made/needed]: No. I intentionally avoided string changes to make uplift possible.
Flags: needinfo?(VYV03354)
Attachment #8863728 - Flags: approval-mozilla-beta?
Hi :emilghitta, Can you help check if it's fixed in the latest nightly?
Flags: qe-verify+
Flags: needinfo?(emil.ghitta)
I have reproduced this bug following the STR from comment #0 with nightly 55.0a1 (2017-05-01)(64-bit) on Manjaro 17 (64bit). I can verify that this bug is fixed in Latest Nightly 55.0a1 (advanced button is hidden as the comment #3 suggested) Build ID 20170504100357 User Agent Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0 [bugday-20170503]
Flags: needinfo?(emil.ghitta)
Hi Gerry! I can confirm that this issue is verified fixed (the advance button is not longer displayed as per comment #7) on the latest Firefox Nightly 55.0a1 (Build Id:20170504030320) using MacOS 10.11 and Windows 10 64bit. I will let the qe-verify+ flag until this is verified fixed in 54 as well. Thank you Sayed for verifying this issue!
status-firefox55: fixedverified
Comment on attachment 8863728 [details] Bug 1361288 - Remove vestigial reference to advancedLongDesc and hide advancedButton for SSLv3 erros. Fix a regression by removing the advance button. Beta54+. Should be in 54 beta 6.
Attachment #8863728 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Verified fixed Fx 54b6 on Win 10, Ubuntu 14.04, OS X 10.12.
Status: RESOLVED → VERIFIED
status-firefox54: fixedverified
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: