Closed
Bug 246919
Opened 20 years ago
Closed 11 years ago
Security: Firefox switches between secure and insecure sites without useful warning
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: lsof, Unassigned)
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040615 Firefox/0.9 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040615 Firefox/0.9 Firefox will switch between a secure website and a non-secure website without warning. Reproducible: Always Steps to Reproduce: 1. Go to https://www.mail2web.com/ 2. After the page has loaded, enter http://www.cnn.com/ in the Location bar A warning will appear as the insecure site loads in the background. Wait a moment. The warning says "You are about to leave an encrypted page.." You have two options: 1. Do not press OK. You don't want to leave the secure site. 2. Don't press OK - you're not happy with leaving a secure site. There is no Cancel button. Close the warning box. Expected Results: Two improvements: 1. Do not load the insecure site until the user has chosen what they want to do. 2. Add a "Cancel" button to the warning dialog.
Summary: Security: Firefox switches between secure and insecure sites without warning → Security: Firefox switches between secure and insecure sites without useful warning
Comment 1•20 years ago
|
||
The notice is just a notification. In the case you suggested, clearly the user wants to go to www.cnn.com, so it is just informing the user that www.cnn.com is insecure. Adding a Cancel button would just present an unnessary choice to the user. Wontfixing. Feel free to reopen if you can provide us with a good case for why these changes would be useful, and maybe someone higher up the food chain will decide to do this.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WONTFIX
> clearly the user wants to go to www.cnn.com
Not always true. You'll get the same behaviour if the website decides to send
you to an insecure site.
Try logging in to www.hotmail.com
Status: RESOLVED → UNCONFIRMED
Resolution: WONTFIX → ---
Comment 3•20 years ago
|
||
wont ?
I second the original request. When I'm on public WLAN I try to use https in order to keep my session/passwords safe and uncompromised. Then I get to a section of the site or click on a link that is insecure - and Firefox warns me about it, very cool! But what to do next? Basically, I have to abandon the browser window to continue surfing, because right now there are no other options. A "cancel" button would go a LONG way!
Updated•17 years ago
|
Assignee: bross2 → nobody
Comment 5•17 years ago
|
||
Does this mean this bug is finally going to be fixed? I laugh every time I see Firefox touting itself as "the most secure browser." This bug makes it the most *insecure* browser!
Comment 6•11 years ago
|
||
This dialog no longer appears following the STR in comment 0 - the secure connection data to the left of the URL bar is sufficient to convey the status of the connection to the user.
Status: NEW → RESOLVED
Closed: 20 years ago → 11 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•