Closed
Bug 1361288
Opened 7 years ago
Closed 7 years ago
The Advanced button from the "Unable to Connect Securely" neterror page is not working
Categories
(Firefox :: Security, defect)
Firefox
Security
Tracking
()
VERIFIED
FIXED
Firefox 55
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox53 | --- | unaffected |
| firefox54 | --- | verified |
| firefox55 | --- | verified |
People
(Reporter: emilghitta, Assigned: emk)
References
Details
(Keywords: regression)
Attachments
(2 files)
|
216.00 KB,
image/gif
|
Details | |
|
59 bytes,
text/x-review-board-request
|
johannh
:
review+
gchang
:
approval-mozilla-beta+
|
Details |
Neterror.gif
[Affected versions]: Firefox 54.0b4 (Build Id:20170501133120) Firefox 55.0a1 (Build Id:20170501030204) [Unaffected versions]: Firefox 53.0 (Build Id:20170413192749) [Affected platforms]: Windows 10 64bit. Mac 10.11.6. Ubuntu 16.04 32bit. [Steps to reproduce]: 1.Launch Firefox. 2.Access the https://sslv3.mozqa.com/ webpage. 3.Click on the “Advanced” button. 4.Observe that the “Advanced” button is not working. [Expected result]: The Advanced button is working and the “sslv3.mozqa.com uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe. Advanced info: SSL_ERROR_UNSUPPORTED_VERSION” message is displayed. [Actual result]: The “Advanced” button is not working. [Regression range]: This seems to be a regression: Last good revision: f4f374622111022d41dd8d5eb9220624135c534a First bad revision: 64b970234605f682457ada10cd523608861d6864 Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=f4f374622111022d41dd8d5eb9220624135c534a&tochange=64b970234605f682457ada10cd523608861d6864 [Additional Information]: Please observe the attached video for more details.
|
||
Comment 1•7 years ago
|
||
Hi emk, I think bug 1321778 broke this. You probably removed a bit too much of the weak crypto stuff on aboutNetError.xhtml. :) Would you have time to take a look at this? Thanks!
| Comment hidden (mozreview-request) |
|
Assignee | |
Updated•7 years ago
|
Assignee: nobody → VYV03354
Status: NEW → ASSIGNED
Flags: needinfo?(VYV03354)
|
|
||
Comment 3•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8863728 [details] Bug 1361288 - Remove vestigial reference to advancedLongDesc and hide advancedButton for SSLv3 erros. https://reviewboard.mozilla.org/r/135502/#review138760 Sounds fine to me :)
Attachment #8863728 -
Flags: review?(jhofmann) → review+
Pushed by VYV03354@nifty.ne.jp: https://hg.mozilla.org/integration/autoland/rev/c0f6afd83308 Remove vestigial reference to advancedLongDesc and hide advancedButton for SSLv3 erros. r=johannh
|
||
Comment 5•7 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/c0f6afd83308
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 55
|
||
Comment 6•7 years ago
|
||
Please request Beta approval on this when you get a chance.
status-firefox-esr52:
--- → unaffected
Flags: needinfo?(VYV03354)
|
|
Assignee | |
Comment 7•7 years ago
|
||
Comment on attachment 8863728 [details] Bug 1361288 - Remove vestigial reference to advancedLongDesc and hide advancedButton for SSLv3 erros. Approval Request Comment [Feature/Bug causing the regression]: 1321778 [User impact if declined]: Users will be confused by a non-working button. [Is this code covered by automated tests?]: No, manually tested. [Has the fix been verified in Nightly?]: Yes. [Needs manual test from QE? If yes, steps to reproduce]: Probably this is already a part of manual QA. See comment #0 in this bug. [List of other uplifts needed for the feature/fix]: none [Is the change risky?]: No. [Why is the change risky/not risky?]: This change will simply remove a button in an unusual case. [String changes made/needed]: No. I intentionally avoided string changes to make uplift possible.
Flags: needinfo?(VYV03354)
Attachment #8863728 -
Flags: approval-mozilla-beta?
|
||
Comment 8•7 years ago
|
||
Hi :emilghitta, Can you help check if it's fixed in the latest nightly?
Flags: qe-verify+
Flags: needinfo?(emil.ghitta)
|
||
Comment 9•7 years ago
|
||
I have reproduced this bug following the STR from comment #0 with nightly 55.0a1 (2017-05-01)(64-bit) on Manjaro 17 (64bit). I can verify that this bug is fixed in Latest Nightly 55.0a1 (advanced button is hidden as the comment #3 suggested) Build ID 20170504100357 User Agent Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0 [bugday-20170503]
Flags: needinfo?(emil.ghitta)
|
Reporter | |
Comment 10•7 years ago
|
||
Hi Gerry! I can confirm that this issue is verified fixed (the advance button is not longer displayed as per comment #7) on the latest Firefox Nightly 55.0a1 (Build Id:20170504030320) using MacOS 10.11 and Windows 10 64bit. I will let the qe-verify+ flag until this is verified fixed in 54 as well. Thank you Sayed for verifying this issue!
|
|
||
Comment 11•7 years ago
|
||
Comment on attachment 8863728 [details] Bug 1361288 - Remove vestigial reference to advancedLongDesc and hide advancedButton for SSLv3 erros. Fix a regression by removing the advance button. Beta54+. Should be in 54 beta 6.
Attachment #8863728 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
|
||
Comment 12•7 years ago
|
||
| bugherder uplift | ||
https://hg.mozilla.org/releases/mozilla-beta/rev/f50c53dd88a2
|
||
Comment 13•7 years ago
|
||
Verified fixed Fx 54b6 on Win 10, Ubuntu 14.04, OS X 10.12.
You need to log in
before you can comment on or make changes to this bug.
Description
•