major https sites showing certificate warning

RESOLVED WORKSFORME

Status

Core Graveyard
Security: UI
--
critical
RESOLVED WORKSFORME
15 years ago
2 years ago

People

(Reporter: Jeremy M. Dolan, Assigned: Stephane Saux)

Tracking

Other Branch
x86
Linux

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
Best Buy, a huge electronics chain in the US, uses HRS as their credit card
management company. Following the links to log in from bestbuy.com gets you to
  https://www.hrsaccount.com
Which gives an SSL warning with both 0.7rc and trunk builds of Firebird. When I
view the certificate details, I don't see anything wrong with it. (Experation
date, host name, issuer...) I tried on a Windows PC with IE, and did not get any
error or warning about the cert.

Previously (maybe a week ago) I saw another prominent site that gave me a cert
warning with Firebird as well. At the time I didn't think anything of it, but
now there is obviously something more than a webadmin screwup at work here.

Best Buy's credit card site used to work for me fine with Firebird until just
recently. Their certificate does not appear to be new.

This should be a release blocker. At least until someone can determine the exact
cause. (The new warning popup doesn't list what the error actually is, just a
bunch of possibilities (what are we, IE?), so I can't diagnose further)
(Reporter)

Comment 1

15 years ago
blocker nomination. I can not pay my credit card with 0.7rc.
Flags: blocking1.6a?
Flags: blocking1.5?
Also seeing this with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5)
Gecko/20030916 -> removing Firebird reference

Its a certificate warning, everything works if you accept the certificate, so
its an annoyance at worst, unless someone is actually posing as
https://www.hrsaccount.com, in which case its not a bug in Mozilla anyway....
Summary: major https sites showing certificate warning in Firebird → major https sites showing certificate warning

Updated

15 years ago
Flags: blocking1.5?

Comment 3

15 years ago
I'm still seeing this with Firebird 0.7 official release on Win98.  So far, the
certificates are all Verisign.  Certificates from other authorities do seem to
be recognised.  Worrying.  FWIW, IE6 accepts the certificate with no warnings.
No problem with older mozilla.  I don't get any warnings.
Not a regression in NSS.  

What warning are you seeing exactly?  Do you still see it?

Comment 5

15 years ago
WORKSFORME Mozilla 1.6 MacOS 10.3.2
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → WORKSFORME

Updated

13 years ago
Component: Security: UI → Security: UI
Product: PSM → Core
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.