184303 - Back button allows connection to site with bad SSL certificate without warning

Status: VERIFIED INVALID

(Core Graveyard :: Security: UI, defect)

Description

[fiber]

User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.2.1) Gecko/20021130
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.2.1) Gecko/20021130

If you connect to a site with a problem with its certificate (Issuer Unknown)
Mozilla correctly raises a warning. If you select do not proceed ( or proceed
once only) and then go to other websites and then use the back button it will
connect to the site without raising any warnings that there is a problem

Reproducible: Sometimes

Steps to Reproduce:
1.Connect to site https://frontdoor.goldfish.com/goldfish/logonInit.do
2.Click on do not proceed on the warning page.
3.Move to another website or two
4.Select https://frontdoor.goldfish.com/goldfish/logonInit.do from the back
button list
5. Page loads with no warnings 

Actual Results:  
Page loads securely, but with no warning about teh certificate

Expected Results:  
Warned you again about the certificate problems

Comment 1

[Matthias Versen [:Matti]]

-> PSM (or History ?)

Comment 2

[John Unruh]

Marking invalid.
Steps to Reproduce:
1.) Connect to site https://frontdoor.goldfish.com/goldfish/logonInit.do
2.) Click on do not proceed on the warning page.
What happens: You do not reach the website, thus you cannot go back to it.
or:
1.) Connect to site https://frontdoor.goldfish.com/goldfish/logonInit.do
2.) Select to accept the certificate for this session only.
What happens: You can reach the site, visit other sites, and also return to
https://frontdoor.goldfish.com/goldfish/logonInit.do since you accepted the cert
for this session. The session ends when you close the browser. 

Comment 3

[John Unruh]

Verified.