Open Bug 1754811 Opened 3 years ago Updated 3 years ago

Tooltip on padlock suggests Verified by X without making clear that it is the connection that is verified and not the website

Categories

(Firefox :: Security, enhancement)

Product:
Firefox
Component:
Security
Version:
Firefox 96
Type:
enhancement

Tracking

()

People

(Reporter: wr63r5i9ft0h, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0

Steps to reproduce:

Hovered over the "security padlock"

Actual results:

Got message e.g. "Verified by: DigiCert Inc"

Expected results:

Message should have said e.g. "Connection verified by : DigiCert"
This would follow the result of clicking on the padlock which says "Connection secure" (i.e. not making any comment about the actual website)
See discussion on https://nakedsecurity.sophos.com/2022/02/07/microsoft-blocks-web-installation-of-its-own-app-installer-files/?unapproved=6385321&moderation-hash=1559a6799f14fcb82498d679877d3b0d#comment-6385321

The Bugbug bot thinks this bug should belong to the 'Core::Networking' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Component: Untriaged → Networking
Product: Firefox → Core
Component: Networking → Security
Product: Core → Firefox

I will set it as an enhancement so the engineering team could decide if they take in consideration changing this.

Status: UNCONFIRMED → NEW
Type: defect → enhancement
Ever confirmed: true

Was the original change to the "padlock" etc to make it clear that it was not verifying the site but the connection originally seen as a mere enhancement or the removal of a security defect (a dysfunctionality in the program that could lead people into a security problem)?

You need to log in before you can comment on or make changes to this bug.