Security: Firefox switches between secure and insecure sites without useful warning

RESOLVED WORKSFORME

Status

()

--
major
RESOLVED WORKSFORME
15 years ago
6 years ago

People

(Reporter: lsof, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040615 Firefox/0.9
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040615 Firefox/0.9

Firefox will switch between a secure website and a non-secure website without
warning.

Reproducible: Always
Steps to Reproduce:
1. Go to https://www.mail2web.com/
2. After the page has loaded, enter http://www.cnn.com/ in the Location bar

A warning will appear as the insecure site loads in the background. Wait a moment.

The warning says "You are about to leave an encrypted page.."

You have two options:
 1. Do not press OK. You don't want to leave the secure site.
 2. Don't press OK - you're not happy with leaving a secure site. There is no
Cancel button. Close the warning box.


Expected Results:  
Two improvements:
 1. Do not load the insecure site until the user has chosen what they want to do.
 2. Add a "Cancel" button to the warning dialog.
(Reporter)

Updated

15 years ago
Summary: Security: Firefox switches between secure and insecure sites without warning → Security: Firefox switches between secure and insecure sites without useful warning

Comment 1

15 years ago
The notice is just a notification. In the case you suggested, clearly the user
wants to go to www.cnn.com, so it is just informing the user that www.cnn.com is
insecure. Adding a Cancel button would just present an unnessary choice to the user.

Wontfixing. Feel free to reopen if you can provide us with a good case for why
these changes would be useful, and maybe someone higher up the food chain will
decide to do this.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → WONTFIX
(Reporter)

Comment 2

15 years ago
> clearly the user wants to go to www.cnn.com
Not always true. You'll get the same behaviour if the website decides to send
you to an insecure site.

Try logging in to www.hotmail.com
Status: RESOLVED → UNCONFIRMED
Resolution: WONTFIX → ---
wont ?

Comment 4

13 years ago
I second the original request. When I'm on public WLAN I try to use https in
order to keep my session/passwords safe and uncompromised. Then I get to a
section of the site or click on a link that is insecure - and Firefox warns me
about it, very cool! But what to do next? Basically, I have to abandon the
browser window to continue surfing, because right now there are no other
options. A "cancel" button would go a LONG way!
Assignee: bross2 → nobody

Comment 5

12 years ago
Does this mean this bug is finally going to be fixed?
I laugh every time I see Firefox touting itself as "the most secure browser."
This bug makes it the most *insecure* browser!
This dialog no longer appears following the STR in comment 0 - the secure connection data to the left of the URL bar is sufficient to convey the status of the connection to the user.
Status: NEW → RESOLVED
Last Resolved: 15 years ago6 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.