Closed
Bug 1714582
Opened 5 years ago
Closed 4 years ago
[Bug] After clicking on "Accept the Risk and Continue" in the notification "Secure Connection Failed", Firefox for Android marks untrusted by any reason HTTPS site connection as secure
Categories
(GeckoView :: General, defect, P1)
Tracking
(firefox92 fixed)
VERIFIED
FIXED
92 Branch
| Tracking | Status | |
|---|---|---|
| firefox92 | --- | fixed |
People
(Reporter: petru, Assigned: bugzilla)
References
Details
(Whiteboard: [geckoview:m92])
Attachments
(2 files)
From github: https://github.com/mozilla-mobile/fenix/issues/19799.
Steps to reproduce
- Open any untrusted site with HTTPS connection using Firefox for Mobile (for example, badssl.com).
- Skip notification "Secure Connection Failed" by clicking on "Accept the Risk and Continue"
- Look at the security icon and status
Expected behavior
Firefox for Android defines connection as unsecure even with security exception, like Firefox for Desktop
Actual behavior
Firefox for Android defines connection and site's certificate as fully secure and misleads the user
Device information
- Device vendor / model and Android version: Samsung Galaxy A20s (ARM64) with Android 10, Samsung Galaxy J2 Prime (ARMv7) with Android 6.0.1
- Firefox for Android version: 89.1.1, 90.0.0-beta.1
Screenshots
(how it looks at Samsung Galaxy A20s)
(how it looks at Samsung Galaxy J2 Prime)
Video
Change performed by the Move to Bugzilla add-on.
| Reporter | ||
Comment 1•5 years ago
Updated•5 years ago
Severity: -- → S3
Priority: -- → P1
Updated•5 years ago
Updated•4 years ago
Severity: S3 → --
Priority: P1 → --
Updated•4 years ago
Severity: -- → S3
Priority: -- → P1
Whiteboard: [geckoview:m92]
| Assignee | ||
Updated•4 years ago
Assignee: nobody → aklotz
Status: NEW → ASSIGNED
| Assignee | ||
Comment 2•4 years ago
Two issues:
- We were missing the `originAttributes` argument to `nsICertOverrideService.hasMatchingOverride`.
- If the override does exist, we should be flagging it as insecure.
I also enhanced a test to check this.
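The two points in comment 2, as an added JavaScript sketch that is not part of this bug or of the landed patch: the override lookup receives the connection's origin attributes, and a connection that relies on an override is never reported as secure. It is a simplified model; `OverrideStore`, `securityInfoBefore`, `securityInfoAfter` and the sample hosts and fingerprints are hypothetical, and scoping overrides by `privateBrowsingId` is an assumption of the model.

```javascript
// Simplified model of the two points in comment 2; not GeckoView code.
// Every name is hypothetical except hasMatchingOverride, whose real
// signature is not reproduced here.
class OverrideStore {
  constructor() { this.overrides = new Set(); }
  // Assumption: an override is scoped to host, port, private-browsing
  // context and certificate.
  static key(host, port, originAttributes, fingerprint) {
    const pb = originAttributes.privateBrowsingId || 0;
    return [host, port, pb, fingerprint].join("|");
  }
  add(host, port, originAttributes, fingerprint) {
    this.overrides.add(OverrideStore.key(host, port, originAttributes, fingerprint));
  }
  hasMatchingOverride(host, port, originAttributes, fingerprint) {
    // Reject a call that omits originAttributes instead of guessing a context.
    if (typeof originAttributes !== "object" || originAttributes === null) {
      throw new TypeError("originAttributes is required");
    }
    return this.overrides.has(OverrideStore.key(host, port, originAttributes, fingerprint));
  }
}

// Reported behaviour: a completed TLS handshake alone is shown as secure.
function securityInfoBefore(conn) {
  return { isSecure: conn.tlsEstablished, isException: false };
}

// Fixed behaviour: look the override up with the connection's origin
// attributes and never report an overridden connection as secure.
function securityInfoAfter(store, conn) {
  const isException = conn.tlsEstablished && store.hasMatchingOverride(
    conn.host, conn.port, conn.originAttributes, conn.certFingerprint);
  return { isSecure: conn.tlsEstablished && !isException, isException };
}

// Constructed sample data: the risk was accepted for one host in a private tab.
const store = new OverrideStore();
const privateTab = { privateBrowsingId: 1 };
store.add("self-signed.example", 443, privateTab, "AA:BB");
const overridden = { host: "self-signed.example", port: 443,
  originAttributes: privateTab, certFingerprint: "AA:BB", tlsEstablished: true };
const trusted = { host: "good.example", port: 443,
  originAttributes: privateTab, certFingerprint: "CC:DD", tlsEstablished: true };
```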
Pushed by aklotz@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/bdd3b02b105a
Ensure that cert error overrides do not mistakenly flag a connection as secure; r=geckoview-reviewers,owlish
Comment 4•4 years ago
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox92:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 92 Branch
| Assignee | ||
Updated•4 years ago
Flags: qe-verify+
Comment 5•3 years ago
This is still reproducible for private sessions. In both Focus and Firefox private mode.
Comment 6•3 years ago
Verified as fixed on the latest Nightly 109.0a1 from 22/11 with Sony Xperia (Android 6.0.1). Firefox for Android defines connection as unsecure in normal and private browsing.
Updated•3 years ago
Status: RESOLVED → VERIFIED
Flags: qe-verify+ → qe-verify-
Updated•3 years ago
Flags: qe-verify-