Closed Bug 1492799 Opened 7 years ago Closed 7 years ago

SSL lock / indicator spoof is possible

Categories

(Firefox :: Untriaged, defect)

60 Branch
defect
Not set
normal

RESOLVED DUPLICATE of bug 1491543

People

(Reporter: proof131072, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36

Steps to reproduce:
https://bugzilla.mozilla.org/show_bug.cgi?id=1491543
This issue still works after the fix for https://bugzilla.mozilla.org/show_bug.cgi?id=1490982 is released.

Actual results:
SSL lock / indicator is spoofed.

Expected results:
SSL lock / indicator should not be spoofed after redirection.

Nightly builds with bug 1490982 haven't finished on Linux or Windows, and on mac the update isn't available yet, so you're probably not testing a build with the fix. Try again after updating to a nightly revision (check in about:buildconfig for the revision link to be https://hg.mozilla.org/mozilla-central/rev/08592337ced1b16cdea73ea94fdb0af9c8927b31 or later). Alternatively, manually download a build by clicking on the green [B] links on this page: https://treeherder.mozilla.org/#/jobs?repo=mozilla-central&searchStr=nightly&revision=08592337ced1b16cdea73ea94fdb0af9c8927b31 then the "Job details" tab on the bottom left, then the target.dmg (mac), target.zip (windows) or target.tar.bz2 (linux) links. You probably want the ones in the rows that say "pgo" or "opt".
Flags: needinfo?(proof131072)
I just retested on Nightly for the 20th (today) and it definitely looks fixed to me. If you can still reproduce, please provide more details in bug 1491543 - we can reopen that one instead of filing a new bug.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Flags: needinfo?(proof131072)
Resolution: --- → DUPLICATE
Sorry for the late reply, I confirmed this issue has been fixed on latest Firefox Nightly.
Like the duplicate, unhiding. :-)
Group: firefox-core-security