Closed Bug 1772976 Opened 4 years ago Closed 4 years ago

revisit how certificate error overrides from different contexts (e.g. private vs. non-private) interact

Categories

(Core :: Security: PSM, task, P1)

task

Tracking

()

RESOLVED FIXED
103 Branch
Tracking Status
firefox103 --- fixed

People

(Reporter: persmule, Assigned: keeler)

References

(Regressed 1 open bug)

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

Steps to reproduce:

Set up an HTTPS site with self-sign certificate.
Launch firefox.
Access the site from normal mode and add its certificate as a permanent certificate exception.
Open a private window.
Access the same site from the private window.

Actual results:

The warning for untrusted certificate is generated.
To suppress the warning, we should add the same certificate in the private window as a temporary certificate exception (because only temporary certificate exceptions can be added in private windows) over and over, when we access the site from a private window for the first time after we launch firefox.

Expected results:

We can access this site with no warning.
This used to happen in previous version.

This bug has been report to Debian as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012430 .

At least, there should be an option (even in about:config) to control whether existing permanent certificate exceptions are effective in private windows, rather than rejecting them unconditionally.

Dana, any ideas on what to do with this bug? Thanks.

Flags: needinfo?(dkeeler)

This is currently expected behavior. Certificate error overrides are partitioned based on origin attributes, which includes the private browsing ID, if applicable. It's unclear what the "right" thing to do here is, as we do want some partitioning of overrides (e.g. if you add an override in a private context, non-private contexts shouldn't be affected by that). Perhaps we need to be more nuanced here, though.

Assignee: nobody → dkeeler
Group: firefox-core-security
Severity: -- → N/A
Status: UNCONFIRMED → NEW
Type: defect → task
Component: Untriaged → Security: PSM
Ever confirmed: true
Flags: needinfo?(dkeeler)
Priority: -- → P1
Product: Firefox → Core
Summary: Permanent certificate exceptions do not work in private windows. → revisit how certificate error overrides from different contexts (e.g. private vs. non-private) interact
Whiteboard: [psm-assigned]
Version: Firefox 91 → unspecified

Certificate error overrides made in non-private contexts should be availble in
private contexts as well (but not vice-versa).

Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c0e375a6c792 make non-private certificate error overrides available in private contexts r=jschanck
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 103 Branch
Regressions: 1774485
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: