Closed Bug 280461 Opened 20 years ago Closed 20 years ago

unsecured page appears encrypted after going to an ssl site that causes redirection limit exceeded error

Categories

(Core :: Security, defect)

x86
FreeBSD
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 268483

People

(Reporter: marcus, Assigned: darin.moz)

References

()

Details

(Whiteboard: [sg:fix])

User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050104 Firefox/1.0 Build Identifier: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050104 Firefox/1.0 The indicators that the current page is encrypted with ssl are turned on on an unsecured page under certain circumstances. Reproducible: Always Steps to Reproduce: 1. Go to an unsecured page 2. Go to a ssl-enabled site that causes redirection limit exceeded error 3. Observe that the URL bar is yellow and padlock icons are lit, while displaying unsecured page. Actual Results: The URL bar displays the URL of the unencrypted site, the unencrypted site is displayed, but the ssl-excured page indicators are lit up. Expected Results: The ssl-encrypted page indicators should not be displayed under these circumstances.
Confirming, moving to Core.
Assignee: firefox → darin
Status: UNCONFIRMED → NEW
Component: General → Security: General
Ever confirmed: true
Product: Firefox → Core
Whiteboard: [sg:fix]
Version: unspecified → Trunk
somewhat similar to bug 238566
Blocks: lockicon
Flags: blocking1.7.6?
Flags: blocking-aviary1.0.1?
+ for 1.0.1
Flags: blocking1.8b+
Flags: blocking-aviary1.0.1?
Flags: blocking-aviary1.0.1+
+ing for 1.7.6 too.
Flags: blocking1.7.6? → blocking1.7.6+
This may be a duplicate of bug 268483. A redirection limit exceeded error is reported by necko in the same way as a connection failure, and the fix for bug 268483 may very well have solved this bug too.
After some testing, I determined that this is indeed a duplicate. My test consisted of setting up an Apache server with a CGI script that redirects infinitely to itself. I then setup a HTML page that links to the CGI script. I hosted the HTML page on a http:// link and the CGI script on a https:// link. In firefox 1.0, I can reproduce the problem, but with a recent aviary 1.0.1 branch build, the problem does not exist. Therefore, I conclude that this is a dupe. *** This bug has been marked as a duplicate of 268483 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Flags: blocking1.8b+
Flags: blocking1.7.6+
Flags: blocking-aviary1.0.1+
Group: security
You need to log in before you can comment on or make changes to this bug.