Closed
Bug 251472
Opened 20 years ago
Closed 20 years ago
URL bar can falsely show certificate as being valid for the site
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: raccettura, Assigned: bugzilla)
References
()
Details
Attachments
(2 files)
I stumbled upon a somewhat dirty trick: Start your browser and visit: https://robert.accettura.com You'll get that notice that the cert doesn't match the server. It shows with a lock with a line through it... all is good. Now open a new tab, and copy/paste the following URL in: https://robert.accettura.com/gallery You don't get a notification that the cert doesn't match the server *but* it shows the icon as a normal healthy icon. It should still show the icon with a '/' through it, since it's the same site, and same server... they don't match. Screenshots forthcoming.
Reporter | ||
Comment 1•20 years ago
|
||
Reporter | ||
Comment 2•20 years ago
|
||
Comment 3•20 years ago
|
||
I can confirm with another way to show the problem. If you get \gallery\ with the slashed icon, do a Ctrl+R (Reload) and the slashed lock will change to the normal one.
Comment 4•20 years ago
|
||
The certificate not matching produces the warning, but lock with the slash through doesn't indicate anything about that. The lock with the slash through is because it's a secure page which has content (images) loaded from an insecure location (some of the little buttons for blogshares and stuff). The gallery page is all loaded from the secure server, so it's correct that it has a full lock (and it gets the full lock if you just go straight to it). The difference is between the content of the two pages - it's not the cert. I think this is invalid.
Comment 5•20 years ago
|
||
To quote the Mozilla help page: "A broken lock means that some or all of the elements within the page were not protected by encryption when the page was received, even though the outermost HTML page was encrypted." Once you say OK to the domain name mismatch on the certificate, that cert is trusted until the browser is restarted. Marking invalid.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•