Closed Bug 189377 Opened 22 years ago Closed 22 years ago

no warning and no lock-symbol when entering secure site within frames

Categories

(Core Graveyard :: Security: UI, defect)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED INVALID

People

(Reporter: franz.gans, Assigned: ssaux)

References

(
URL
)

Details

Attachments

(1 file)

preferences on my machine
21.43 KB, image/png
Details
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826 http://www.billigzigaretten.de/ uses secure communication in frames Mozilla issues no warning that a secure connection is started. BTW: #23130 refers to #13790 which I am not allowed to read. BTW2: the current behaviour is a privacy issue, since special measures taken at a HTTP-Proxy-level a bypassed without the user's consent. Reproducible: Always Steps to Reproduce: 1. http://www.billigzigaretten.de/ 2. click at "Hier geht es weiter" 3. Expected Results: The usual warning *before* Mozilla establishes any SSL-Connection
->Security
Assignee: asa → mstoltz
Component: Browser-General → Security: General
QA Contact: asa → bsharma
Lock icon issues go to the PSM product.
Assignee: mstoltz → ssaux
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: bsharma → junruh
Version: Trunk → 2.4
Looks invalid to me. I don't see any evidence that a secure connection is even attempted. IE6 behave the same way - no lock icon.
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
It seems to me as if the site no longer uses https in their frame. So it's not a good test case for the bug :-(. Does sb have another example (https is loaded within a frame)?
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
Here is a *new* testcase: http://q0.0catch.com/test.html loads https://www.trustcenter.de/ in a frame. No warning occurs. [I had to trick around the advertising stuff of 0catch.com which does not work with IE!]
URL: http://www.billigzigaretten.de/http://q0.0catch.com/test.html
the marked preference settings (red dot) shall evoke warning/ask for permission before loading the frame content of the test case.
Re-marking invalid. The outer frame is insecure as the lock icon shows, and there is no reason to warn the user that some or all of the content displayed is delivered through https. Internet Explorer behaves the same way, as does Netscape Communicator 4.X. Warnings ARE in place when you enter an https site from an http site and vice versa, (such as clicking on Deutsch or English on the test URL) as well as warnings if you are submitting insecure data, whether the page shows http or https.
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago22 years ago
Resolution: --- → INVALID
Mozilla's help says: * Loading a page that supports encryption: Select this warning if you want to be reminded whenever you are loading a page that supports encryption. Test test url does load "a page that supports encryption" but Mozilla does not warn nor ask for permission.
Verified.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.4 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: