no warning and no lock-symbol when entering secure site within frames

VERIFIED INVALID

Status

Core Graveyard
Security: UI
VERIFIED INVALID
16 years ago
2 years ago

People

(Reporter: Franz, Assigned: Stephane Saux)

Tracking

1.0 Branch
x86
Windows 2000

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

16 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826

http://www.billigzigaretten.de/ uses secure communication in frames
Mozilla issues no warning that a secure connection is started.

BTW: #23130 refers to #13790 which I am not allowed to read.
BTW2: the current behaviour is a privacy issue, since special measures
taken at a HTTP-Proxy-level a bypassed without the user's consent.

Reproducible: Always

Steps to Reproduce:
1. http://www.billigzigaretten.de/
2. click at "Hier geht es weiter"
3.



Expected Results:  
The usual warning *before* Mozilla establishes any SSL-Connection

Comment 1

15 years ago
->Security
Assignee: asa → mstoltz
Component: Browser-General → Security: General
QA Contact: asa → bsharma
Lock icon issues go to the PSM product.
Assignee: mstoltz → ssaux
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: bsharma → junruh
Version: Trunk → 2.4

Comment 3

15 years ago
Looks invalid to me. I don't see any evidence that a secure connection is even
attempted. IE6 behave the same way - no lock icon.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → INVALID
(Reporter)

Comment 4

15 years ago
It seems to me as if the site no longer uses https in their frame.
So it's not a good test case for the bug :-(. Does sb have another
example (https is loaded within a frame)?
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
(Reporter)

Comment 5

15 years ago
Here is a *new* testcase:

http://q0.0catch.com/test.html loads https://www.trustcenter.de/ in a
frame. No warning occurs.

[I had to trick around the advertising stuff of 0catch.com which
does not work with IE!]
(Reporter)

Comment 6

15 years ago
Created attachment 113755 [details]
preferences on my machine

the marked preference settings (red dot) shall evoke
warning/ask for permission before loading the frame
content of the test case.

Comment 7

15 years ago
Re-marking invalid. The outer frame is insecure as the lock icon shows, and
there is no reason to warn the user that some or all of the content displayed is
delivered through https. 

Internet Explorer behaves the same way, as does Netscape Communicator 4.X. 

Warnings ARE in place when you enter an https site from an http site and vice
versa, (such as clicking on Deutsch or English on the test URL) as well as
warnings if you are submitting insecure data, whether the page shows http or https.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago15 years ago
Resolution: --- → INVALID
(Reporter)

Comment 8

15 years ago
Mozilla's help says:

*  Loading a page that supports encryption: Select this warning if you want to
be reminded whenever you are loading a page that supports encryption.

Test test url does load "a page that supports encryption" but Mozilla
does not warn nor ask for permission.

Comment 9

15 years ago
Verified.
Status: RESOLVED → VERIFIED

Updated

13 years ago
Component: Security: UI → Security: UI
Product: PSM → Core

Updated

10 years ago
Version: psm2.4 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.