Insecure login warning on http://listjs.com/ with no visible logins present

RESOLVED DUPLICATE of bug 1334760

Status

()

Firefox
Security
RESOLVED DUPLICATE of bug 1334760
11 months ago
11 months ago

People

(Reporter: 13hw, Unassigned)

Tracking

55 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

11 months ago
To reproduce:
http://listjs.com/

Expected:
Does not show insecure login warning icon in location bar.

Actual:
Insecure login warning lock icon is displayed in left section of location bar.

The insecure login warning is not displayed in Private Browsing mode with tracking protection enabled, so it looks like there is a login frame somewhere that is causing the insecure warning. The Twitter follow button is not visible with tracking protection so that may be the culprit.

FWIW, Chrome does not display the Not Secure message on this site.

This may be a duplicate of Bug 1334760 but I wanted to report it just in case.
Yes, it does appear to be an instance of bug 1334760. I didn't see this problem at first so I assume that if you are already logged in to Twitter their hidden frame doesn't have a login field, but it was easy to reproduce with a fresh testing profile. If you aren't logged in and click the "follow" button you get a secure pop-up to do the login, so I'm not sure why Twitter needed to have the password field in their iframe.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 months ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1334760
You need to log in before you can comment on or make changes to this bug.