Certificate warning displays in front, regardless which tab is in view




14 years ago
11 years ago


(Reporter: lists, Unassigned)


2.0 Branch
Windows XP

Firefox Tracking Flags

(Not tracked)


(Whiteboard: DUPEME?)



14 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

If one is browsing various sites in multiple tabs, the certificate warning can
be very misleading. 

My flatmate was checking webmail (with a self-signed cert) and logging on to her
banking site. As she had the banking tab in focus when the certificate warning
came up, she assumed that the certificate problem was with the bank's site and
was quite distressed. 

Ideally, in my opinion, the tab would flash but the message would arise only
when the user returned to that tab.

Reproducible: Always

Comment 1

12 years ago
Can you reproduce the problem with the latest build of Firefox 2 or 3?
If not, please close this bug as WORKSFORME.
Whiteboard: CLOSEME 08/07, DUPEME?
I can reproduce this using Firefox Might be a dupe...

 1. Open two tabs
 2. Go to https://cacert.org/ in the second tab
 3. Quickly switch to the first tab
 4. The cert warning will pop up in front of the current tab

Potential expected results:
 a. Tab switches to the tab which the cert warning is being displayed
 b. Tab blinks that there is an alert/warning on that tab and shows the warning when viewed

This is probably a dupe. Someone should test this on trunk.
Severity: enhancement → minor
Summary: Certificate warning displays at front of window, dispite which tab is viewing the page → Certificate warning displays in front, regardless which tab is in view
Whiteboard: CLOSEME 08/07, DUPEME? → DUPEME?
Version: unspecified → 2.0 Branch

Comment 3

11 years ago
1. tested this on Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1a1pre) Gecko/2008060104 Minefield/3.1a1pre
Got this leak: Leaks in window 0x2463800: recl 
and the message Cannot Complete Request
cacert.org uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.

(Error code: sec_error_unknown_issuer)
aimed twice.
Got this: Leaks in window 0x2a0bec0:
Error Console gives:
Security Error: Content at about:neterror?e=nssBadCert&u=https%3A//cacert.org/&c=UTF-8&d=cacert.org%20uses%20an%20invalid%20security%20certificate.%0A%0AThe%20certificate%20is%20not%20trusted%20because%20the%20issuer%20certificate%20is%20unknown.%0A%0A%28Error%20code%3A%20sec_error_unknown_issuer%29%0A may not load or link to chrome://errorzilla/content/mozilla1.gif.

This as my report,


Comment 4

11 years ago
indeed, this is mostly fixed on trunk as in 99% of all cases we do not show a dialog for certificate warnings. (there are currently edge cases...)

given that this bug is reported against ff2 branch, i'll leave squishing this bug to johnath.

I'd mark this bug as WONTFIX for branch, the backport (especially atm given some regressions and API breaks) isn't a good idea and it's feature work from ff3.
What timeless said - backporting the change to error pages in FF3 is a lot of work for a short-term gain at this point, and would anyhow be ill-advised since there are a couple boundary case bugs in our FF3 implementation.

I think this is WORKSFORME, not WONTFIX, based on the fact that the problem (ahem) "No longer appears."  In *theory*, we'd take a patch for this on branch if it sprang forth, fully-formed and well-tested with minimal code impact, but in practice I think the bug is solved.
Last Resolved: 11 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.