Security warning and corresponding preferences appear to be incorrect/contradictory

RESOLVED WORKSFORME

Status

RESOLVED WORKSFORME
16 years ago
15 years ago

People

(Reporter: welch, Assigned: saari)

Tracking

Details

(Reporter)

Description

16 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.0.1) Gecko/20030226 Chimera/0.6+
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.0.1) Gecko/20030226 Chimera/0.6+

When I leave an encrypted page (e.g., logged into my account on www.dyndns.org)
for an unencrypted page/site (e.g., www.apple.com), I get an expected "Security
Warning" but the message in the dialog box (sheet) is not quite right. It says
"You have requested an encrypted page that contains some unencrypted
information." which is not true. I am leaving an encrypted page and entering
unencrypted site, but there is no mixed encryption.

Similarly the checkbox text on that same dialog box/sheet says "Alert me
whenever I'm about to view an encrypted page that contains some unencrypted
information." This is inappropriate because (again) I am not going to a mixed
page, simply transitioning from encrypted to unencrypted.

On a related not, the Security tab of the Preferences has an option to show a
warning before "Leaving a page that supports encryption." I have this UNchecked
and still get the above warning. If instead I uncheck the "Viewing a page with a
mix of ...." I no longer get the warning.

In summary, I think the mixed encryption dialogs and preferences are confused
with the leaving-encrypted dialogs and preferences.

Mozilla (2003021217) appears to include appropriate dialogs. It says you are
leaving an encrypted site and warns you, and gives the option to disable the
proper preference.

Reproducible: Always

Steps to Reproduce:
1. Make sure the "Viewing a page with a mix of ..." option is CHECKED in the
Security pane of the Preferences.
2. Visit a secure site, e.g. log into (some account on) www.dyndns.org.
3. Enter the URL (or use a bookmark) http://www.apple.com.
4. You should see the Security Warning dialog/sheet.

Actual Results:  
I dismiss the (inappropriate) dialog and go on my merry way.

Expected Results:  
The dialog and preferences should talk about LEAVING an encrypted site for an
unencrypted one, NOT entering a site with mixed encryption.

Comment 1

16 years ago
Confirmed using FizzillaMach/2003022103 going from <https://www.paypal.com/> to
<http://www.apple.com/>.

If the "leaving encrypted page" warning is enabled, that is shown. If that is
then disabled and the test repeated, the "encrypted/unencrypted mix" warning is
shown, even though it shouldn't be.

It doesn't happen using FizzillaMach/2003022103.
Severity: trivial → normal
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 2

15 years ago
I can't confirm this bug using the 2003081002 NB. WorksForMe.
wfm
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.