Closed
Bug 189377
Opened 22 years ago
Closed 22 years ago
no warning and no lock-symbol when entering secure site within frames
Categories
(Core Graveyard :: Security: UI, defect)
Tracking
(Not tracked)
VERIFIED
INVALID
People
(Reporter: franz.gans, Assigned: ssaux)
References
()
Details
Attachments
(1 file)
21.43 KB,
image/png
|
Details |
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826
http://www.billigzigaretten.de/ uses secure communication in frames
Mozilla issues no warning that a secure connection is started.
BTW: #23130 refers to #13790 which I am not allowed to read.
BTW2: the current behaviour is a privacy issue, since special measures
taken at a HTTP-Proxy-level a bypassed without the user's consent.
Reproducible: Always
Steps to Reproduce:
1. http://www.billigzigaretten.de/
2. click at "Hier geht es weiter"
3.
Expected Results:
The usual warning *before* Mozilla establishes any SSL-Connection
Comment 1•22 years ago
|
||
->Security
Assignee: asa → mstoltz
Component: Browser-General → Security: General
QA Contact: asa → bsharma
Comment 2•22 years ago
|
||
Lock icon issues go to the PSM product.
Assignee: mstoltz → ssaux
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: bsharma → junruh
Version: Trunk → 2.4
Comment 3•22 years ago
|
||
Looks invalid to me. I don't see any evidence that a secure connection is even
attempted. IE6 behave the same way - no lock icon.
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
It seems to me as if the site no longer uses https in their frame.
So it's not a good test case for the bug :-(. Does sb have another
example (https is loaded within a frame)?
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
Here is a *new* testcase:
http://q0.0catch.com/test.html loads https://www.trustcenter.de/ in a
frame. No warning occurs.
[I had to trick around the advertising stuff of 0catch.com which
does not work with IE!]
the marked preference settings (red dot) shall evoke
warning/ask for permission before loading the frame
content of the test case.
Comment 7•22 years ago
|
||
Re-marking invalid. The outer frame is insecure as the lock icon shows, and
there is no reason to warn the user that some or all of the content displayed is
delivered through https.
Internet Explorer behaves the same way, as does Netscape Communicator 4.X.
Warnings ARE in place when you enter an https site from an http site and vice
versa, (such as clicking on Deutsch or English on the test URL) as well as
warnings if you are submitting insecure data, whether the page shows http or https.
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago → 22 years ago
Resolution: --- → INVALID
Mozilla's help says:
* Loading a page that supports encryption: Select this warning if you want to
be reminded whenever you are loading a page that supports encryption.
Test test url does load "a page that supports encryption" but Mozilla
does not warn nor ask for permission.
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•