Closed Bug 280461 Opened 18 years ago Closed 18 years ago

unsecured page appears encrypted after going to an ssl site that causes redirection limit exceeded error

Categories

(Core :: Security, defect)

x86
FreeBSD
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 268483

People

(Reporter: marcus, Assigned: darin.moz)

References

(Blocks 1 open bug, )

Details

(Whiteboard: [sg:fix])

User-Agent:       Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050104 Firefox/1.0
Build Identifier: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050104 Firefox/1.0

The indicators that the current page is encrypted with ssl are turned on on an
unsecured page under certain circumstances.

Reproducible: Always

Steps to Reproduce:
1. Go to an unsecured page
2. Go to a ssl-enabled site that causes redirection limit exceeded error
3. Observe that the URL bar is yellow and padlock icons are lit, while
displaying unsecured page.

Actual Results:  
The URL bar displays the URL of the unencrypted site, the unencrypted site is
displayed, but the ssl-excured page indicators are lit up.

Expected Results:  
The ssl-encrypted page indicators should not be displayed under these circumstances.
Confirming, moving to Core.
Assignee: firefox → darin
Status: UNCONFIRMED → NEW
Component: General → Security: General
Ever confirmed: true
Product: Firefox → Core
Whiteboard: [sg:fix]
Version: unspecified → Trunk
somewhat similar to bug 238566
Blocks: lockicon
Flags: blocking1.7.6?
Flags: blocking-aviary1.0.1?
+ for 1.0.1
Flags: blocking1.8b+
Flags: blocking-aviary1.0.1?
Flags: blocking-aviary1.0.1+
+ing for 1.7.6 too.
Flags: blocking1.7.6? → blocking1.7.6+
This may be a duplicate of bug 268483.  A redirection limit exceeded error is
reported by necko in the same way as a connection failure, and the fix for bug
268483 may very well have solved this bug too.
After some testing, I determined that this is indeed a duplicate.

My test consisted of setting up an Apache server with a CGI script that
redirects infinitely to itself.  I then setup a HTML page that links to the CGI
script.  I hosted the HTML page on a http:// link and the CGI script on a
https:// link.  In firefox 1.0, I can reproduce the problem, but with a recent
aviary 1.0.1 branch build, the problem does not exist.  Therefore, I conclude
that this is a dupe.

*** This bug has been marked as a duplicate of 268483 ***
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Flags: blocking1.8b+
Flags: blocking1.7.6+
Flags: blocking-aviary1.0.1+
Group: security
You need to log in before you can comment on or make changes to this bug.