Closed Bug 1504403 Opened 6 years ago Closed 6 years ago

[feature request] visual feedback for https site directing user to download .exe over non-https

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
64 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1303739

People

(Reporter: conan1989, Unassigned)

Details

Attachments

(1 file)

nvidia.mkv
896.78 KB, video/x-matroska
Details
Attached video nvidia.mkv 
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0

Steps to reproduce:

user goes to a HTTPS site
in this example "https://www.nvidia.com/Download/index.aspx?lang=en-us"

The site directs the user to download a potentially dangerous file type (.exe) over a non-encrypted connection
"http://us.download.nvidia.com/Windows/416.34/416.34-desktop-win10-64bit-international-whql.exe"






Actual results:

The indicators that this is happening are subtle, and the risks not made known to the user.

Example video attached



Expected results:

This might be an opportunity for the browser to inform the user.
Maybe a prompt, something like:

nvidia.com has supplied an insecure connection to download a potentially dangerous file type (.exe)
click here to learn more

abort
this is risky, continue anyway
Hi Conan, Thanks for taking the time to report this issue but I think this has already been reported on Bug 1303739.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: