Open Bug 1636529 Opened 5 years ago Updated 3 years ago

Clicking the URL bar lock icon does nothing on some sites

Categories

(Firefox :: Site Identity, defect, P5)

Product:
Firefox
Component:
Site Identity
Version:
76 Branch
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: pablo, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0

Steps to reproduce:

Open the web site https://infosec-handbook.eu/ with Flatpak release of 76.0.1 for x86_64 on Debian 10.

Actual results:

Web page loads normally and shows the lock icon in the URL bar. When I hover the mouse cursor over the lock icon, it says (correctly) "Verified by Let's Encrypt".

However if I click the lock icon, nothing happens.

Expected results:

It should open the "Site Information for infosec-handbook.eu" page, like it does with other versions of Firefox.

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Site Identity

Because this bug's Severity is normal and has not been changed, and this bug's priority is -- (none,) indicating it has has not been previously triaged, the bug's Severity is being updated to -- (default, untriaged.)

Severity: normal → --

The severity field is not set for this bug.
:nhnt11, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(nhnt11)

BTW, I cannot reproduce this anymore on https://infosec-handbook.eu, after restarting the browser.

Now about:certificate for that particular site says:

Not Before
5/8/2020, 8:32:38 AM (Eastern European Summer Time)

That was the same date I reported this bug. Maybe it is not a coincident.

I thought I saw a bug about the identity panel not responding correctly to changing cert timestamps? Could this be related, in the sense that prior to that date the cert was invalid, but around the time it became valid, the UI was not updated?

Johann, do you remember the bug I'm talking about by any chance? Or maybe have any other idea what's going on here? I guess this needs a testcase where the cert is only valid starting at a time in the near future.... badssl doesn't seem to have one (understandably).

I'm marking this P5 for now until we have reliable testcase/STR.

Severity: -- → S3
Flags: needinfo?(nhnt11) → needinfo?(jhofmann)
Priority: -- → P5

Unfortunately I don't, next time this happens we can probably find the culprit by looking at errors thrown in the browser toolbox, but without a way to reproduce I'm not sure what to do here :/

Flags: needinfo?(jhofmann)

The lock icon in the URL bar is used to indicate that a website is using a secure connection, typically HTTPS. If clicking on the lock icon does nothing, it could be because the website is not using HTTPS, or there may be an issue with the website's implementation of the secure connection. In some cases, it could also be an issue with the browser or device you are using to access the website. If you are concerned about the security of the website you are visiting, it's best to double check the URL to make sure it starts with "https" and avoid entering sensitive information on the site. https://nuttyapps.com/marvel-future-fight-unlimited-gold-and-crystal/

You need to log in before you can comment on or make changes to this bug.