No Certificate information on Fenix nightly
Categories
(Fenix :: General, defect)
Tracking
(firefox90 unaffected, firefox91 unaffected, firefox92+ fixed)
| Tracking | Status | |
|---|---|---|
| firefox90 | --- | unaffected |
| firefox91 | --- | unaffected |
| firefox92 | + | fixed |
People
(Reporter: agi, Unassigned)
References
()
Details
(Keywords: csectype-spoof, regression, sec-high)
Not sure if this qualifies as a security problem but, on the latest Fenix Nightly #2015825547, clicking on the URL lockpad icon doesn't display the certificate information, the screen dims but that's it.
Android 11, Samsung S10e.
|
||
Comment 1•4 years ago
|
||
yeah, it's a problem -- no way to check provenance of spoof sites and see the whole URL in case they tried to hide things by making the domain longer than the visible part of the URL bar.
Site permissions were on the same panel and are also missing. They generally only showed up if you blocked or granted a permission request, so you can undo your choice. There are hypothetical situations where you might not be able to undo an unsafe choice you made, but I imagine it's more of a usability problem than a security one.
91 beta 4 seems fine: nightly only regression.
|
|
||
Updated•4 years ago
|
|
||
Comment 2•4 years ago
•
|
||
Thanks for filing the ticket.
This was a regression from cca7892e912e2f682ce1ccc4b0a06a4f67511bc9 and we backed it out on 525e5e7c25ecd42a8cca53916cfed54ee0dd3707 on the latest nightly 92.0a1 (Build #2015826123) the panes are showing as expected.
|
||
Updated•4 years ago
|
|
|
||
Updated•3 years ago
|
|
||
Updated•2 years ago
|
Description
•