Closed Bug 169289 Opened 22 years ago Closed 21 years ago

No alert for Encrypted/Unencrypted mix and displays both during HTTPS session

Categories

(Core Graveyard :: Security: UI, defect)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Platform:
PowerPC
Mac System 9.x
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 135007

People

(Reporter: ramzewe, Assigned: ssaux)

References

Details

User-Agent:       Mozilla/5.0 (Macintosh; U; PPC; en-US; rv:1.0.0) Gecko/20020529
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC; en-US; rv:1.0.0) Gecko/20020529

Mozilla 1.0 does not alert the user when viewing a page that contains encrypted
and unencrypted data, worse it displays the unencrypted data.

This is contrary to the correct behavior in Netscape 4.x which alerts the user
and does NOT display unencrypted data

Reproducible: Always

Steps to Reproduce:
1.load the following link during an HTTPS session:

<img src="http://images.00mm.net/metrowerks/images/spacer.gif" width="1"
height="1" alt="" border="0"></td>

(often ab-used for web bug email tracking...)
Actual Results:  
1. There WILL NOT be an alert indicating that "You have requested a secure
document that contains some insecure information. The insecure information will
not be shown." And the insecure information WILL be shown.

Expected Results:  
Should produce the above alert and NOT show the insecure information, as would
be the case using Netscape 4.x

Netscape 7.0 using the Gecko engine is also susceptible. See bug #169085
ramzewe, are you using the same user profile in both Mozilla and Netscape 7? Please be aware 
that isn't supported and causes some problems. See the release notes for either browser.
*** Bug 177008 has been marked as a duplicate of this bug. ***
->PSM
Assignee: mstoltz → ssaux
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: bsharma → junruh
Version: Trunk → 2.4
I believe that the new policy is to allow gif files from http:// sources to be
displayed without a security warning.
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
QA Contact: junruh → bmartin
Resolution: --- → WONTFIX
My understanding is: It is currently not seen as a high priority feature to
check the security feature of images, but it is indeed wanted for a future release.
Status: RESOLVED → UNCONFIRMED
Resolution: WONTFIX → ---

*** This bug has been marked as a duplicate of 135007 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago21 years ago
Resolution: --- → DUPLICATE
Verified dupe.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.4 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.