Closed
Bug 224770
Opened 22 years ago
Closed 22 years ago
Browser padlock does not reflect security of selected frame
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 197443
People
(Reporter: it, Assigned: security-bugs)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007
When I place my cursor in the Credit Card field, which is in a frame that is on
a secure server, the Browser Padlock (bottom right) shows as unlocked (ie. not
secure). This is misleading. The padlock should reflect the security level of
the selected frame.
Web sites often have their secure forms in a SECURE frame on an non-secure page.
It check whether the frame is secure requires right-click, This Frame, View
Frame info. Longwinded!
Reproducible: Always
Steps to Reproduce:
1. Go to http://www.knowledge.co.uk/secure/security-test.htm
2. The Padlock does not change when moved to the secure frame
3.
Expected Results:
The padlock should reflect the security level of the selected frame.
Is bug 140837 at all related?
|
||
Comment 2•22 years ago
|
||
If the toplevel page is not secure, you have no way to know that it's not being
spoofed by a malicious third party and hence have no way to know that the
"secure" frame in question is not a frame loaded from the malicious third
party's site via HTTPS. So in fact the situation is totally unsecure. This is
the same reason why form submissions from an insecure site to a secure one bring
up a security warning in Mozilla...
|
||
Comment 3•22 years ago
|
||
*** This bug has been marked as a duplicate of 197443 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
|
||
Comment 4•22 years ago
|
||
I agree with WONTFIX.
Web designers should redesign their site to have all content shown in all frames
to be transmitted over https.
You need to log in
before you can comment on or make changes to this bug.
Description
•