unsecured page appears encrypted after going to an ssl site that causes redirection limit exceeded error

RESOLVED DUPLICATE of bug 268483

Status

()

Core
Security
RESOLVED DUPLICATE of bug 268483
13 years ago
13 years ago

People

(Reporter: Marcus Reid, Assigned: Darin Fisher)

Tracking

(Blocks: 1 bug)

Trunk
x86
FreeBSD
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:fix], URL)

(Reporter)

Description

13 years ago
User-Agent:       Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050104 Firefox/1.0
Build Identifier: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050104 Firefox/1.0

The indicators that the current page is encrypted with ssl are turned on on an
unsecured page under certain circumstances.

Reproducible: Always

Steps to Reproduce:
1. Go to an unsecured page
2. Go to a ssl-enabled site that causes redirection limit exceeded error
3. Observe that the URL bar is yellow and padlock icons are lit, while
displaying unsecured page.

Actual Results:  
The URL bar displays the URL of the unencrypted site, the unencrypted site is
displayed, but the ssl-excured page indicators are lit up.

Expected Results:  
The ssl-encrypted page indicators should not be displayed under these circumstances.
Confirming, moving to Core.
Assignee: firefox → darin
Blocks: 278184, 278186
Status: UNCONFIRMED → NEW
Component: General → Security: General
Ever confirmed: true
Product: Firefox → Core
Whiteboard: [sg:fix]
Version: unspecified → Trunk
somewhat similar to bug 238566
Blocks: 130949
Flags: blocking1.7.6?
Flags: blocking-aviary1.0.1?

Comment 3

13 years ago
+ for 1.0.1
Flags: blocking1.8b+
Flags: blocking-aviary1.0.1?
Flags: blocking-aviary1.0.1+
+ing for 1.7.6 too.
Flags: blocking1.7.6? → blocking1.7.6+
(Assignee)

Comment 5

13 years ago
This may be a duplicate of bug 268483.  A redirection limit exceeded error is
reported by necko in the same way as a connection failure, and the fix for bug
268483 may very well have solved this bug too.
(Assignee)

Comment 6

13 years ago
After some testing, I determined that this is indeed a duplicate.

My test consisted of setting up an Apache server with a CGI script that
redirects infinitely to itself.  I then setup a HTML page that links to the CGI
script.  I hosted the HTML page on a http:// link and the CGI script on a
https:// link.  In firefox 1.0, I can reproduce the problem, but with a recent
aviary 1.0.1 branch build, the problem does not exist.  Therefore, I conclude
that this is a dupe.

*** This bug has been marked as a duplicate of 268483 ***
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → DUPLICATE

Updated

13 years ago
Flags: blocking1.8b+
Flags: blocking1.7.6+
Flags: blocking-aviary1.0.1+
Group: security
You need to log in before you can comment on or make changes to this bug.