Closed Bug 171555 Opened 23 years ago Closed 23 years ago

Mozilla reports "secure" site as insecure

Categories

(Core Graveyard :: Security: UI, defect, P3)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED WORKSFORME

People

(Reporter: lsof, Assigned: ssaux)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1b) Gecko/20020722 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1b) Gecko/20020722 Mozilla is reporting a secure site as insecure - the padlock appears broken and red despite the certificate information showing as valid. Reproducible: Always Steps to Reproduce: 1. Go to http://uk.directline.com/travel/welcome.htm 2. Click "Online Quote" next to the traffic light, top right 3. A new window opens, prompting for your details. Enter something sensible. Note the padlock is unbroken, then click "Get a quote" 4. The next page has a broken padlock. Actual Results: Broken padlock - despite Page Info showing valid cert. Expected Results: Unbroken padlock?
Worksfor me in build 2002092708 (Mozilla 1.2a) on Mac OS 9. I see the padlock, and when I clikc it, Mozilla tells me that it has a valid certificate, and is using RC4 128-bit encryption. Reporter, can you try a later build, like 1.1 (it's already released) or 1.2a ?
Broken in build 2002091016 (Mozilla 1.2a) Wait until the page that reads "You can be confident that this is a very secure site" changes to a new page. The padlock then goes red.
Doesn't work under Mozilla 1.1 final. Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020826
-> PSM
Assignee: sgehani → ssaux
Component: XP Apps → Client Library
Product: Browser → PSM
QA Contact: paw → junruh
Version: other → unspecified
Can you provide a valid postal code to enter into the box for testing, i keep getting an error ...
Sure. 90210 isn't valid, but it works :) Try SW1 1AA
The red line through the lock icon means that some of the page contained unencrypted information, and you should see that warning if you have all of your SSL preferences checked. At some point during the redirecting to the final page, some info is downloaded via http instead of https. The final page where you click on "Get Premium" does not warn that you are submitting insecure data, so the information that you submit is secure.
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
OS: Linux → All
Priority: -- → P3
Hardware: PC → All
Resolution: --- → WORKSFORME
Version: unspecified → 2.4
Makes it difficult to spot secure sites then.
Secure sites show an unbroken lock icon. As an example, visit this site - https://www.verisign.com/
Yet the site in this bug report is supposedly "secure".
Oh, I just saw too late that the bug is already marked worksforme. For what it's worth, I also tried to reproduce, but when I tried to navigate on that site, filling out all kinds of stuff and submitting, the lock icon was locked yellow all the time.
Verified with the 11/12/02 commerical trunk Win2000 build.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.4 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.