1985309 - Firefox for Android does not provide certificate information like Firefox for desktop

Status: RESOLVED FIXED

(Firefox for Android :: Browser Engine, enhancement)

Description

[moz20]

Steps to reproduce:

Use FF for Android to visit a website where security is extremely important, such as a banking website, such as chase.com . Click the lock icon in the address bar, then click "Connection is secure".

Actual results:

The popup displays the page <title>, the URL, and the message "Connection is secure" and "Verified By: <authority>". However, it does not display "Certificate issued to:" with the name and address of the certificate owner.

Expected results:

As with Firefox for desktop, the certificate owner information should be presented to allow the user greater trust that the site is actually the one intended. Simply displaying the authority without the certificate owner may show that the connection is secure, but provides no assurance that the site is the intended destination. This is critically important when trying to log into a banking or other website when there is much to lose, for example, by phishing or simply mistyping a URL.

Comment 1

[eclaudiu64]

These improvements should also be made.

Comment 2

[Dana Keeler (she/her) [:keeler]]

We probably need this for ETSI/QWACs compliance.

Comment 3

[Dana Keeler (she/her) [:keeler]]

Attachment: Bug 1985309 - use certificate viewer in fenix r?#android-reviewers

Comment 4

[Pulsebot]

Pushed by dkeeler@mozilla.com:
https://github.com/mozilla-firefox/firefox/commit/3225a787fef1
https://hg.mozilla.org/integration/autoland/rev/246bedf63914
use certificate viewer in fenix r=android-reviewers,petru

Comment 5

[Sandor Molnar[:smolnar]]

https://hg.mozilla.org/mozilla-central/rev/246bedf63914