298069 - spurious security warning when following link to a section within the current secure page

Status: RESOLVED WORKSFORME

(SeaMonkey :: Security, defect)

Description

[lvm]

User-Agent:       Mozilla/5.0 (OS/2; U; Warp 3; en-US; rv:1.8b) Gecko/20050301
Build Identifier: Mozilla/5.0 (OS/2; U; Warp 3; en-US; rv:1.8b) Gecko/20050301

Prerequisites: SSL warining 'Leaving a page that supports encryption' must be on.

Note: although the urls listed in the 'Steps to reproduce' section are real, I
cannot provide you with the login information, so you will have to test it
somewhere else unless you have an MTS account and know some russian. Sorry.

When a link to a section within the current secure (https) page is followed, a
spurious security message is displayed. Following the same link from some other
page on the same secure server does not generate this warning.


Reproducible: Always

Steps to Reproduce:
1. Go to 'https://www.mts.ru/cgi-bin/cgi.exe?function=is_chservice'
2. Click on a 'link leading to 'href="cgi.exe?function=is_chservice#discount"'.
(actual link is called 'Получение скидок 15% и 50%' - in russian)


Actual Results:  
Mozilla follows the link, then security warning 'You are about to leave an
encrypted page...' pops up.


Expected Results:  
Warinig should not be displayed

Comment 1

[lvm]

Immediately after submitting this bug I've thought an easier way to reproduce it
than bying an MTS account:

1. Go to https://bugzilla.mozilla.org/page.cgi?id=fields.html#new
2. Go to https://bugzilla.mozilla.org/page.cgi?id=fields.html#resolution - no
links there, just type in the page address field - same page, different section.
3. Spurious security warning pops up

Comment 2

[zug_treno]

Reproducible with Mozilla 1.8b1 but WFM with Deer Park a1 and Mozilla
1.8b2/20050613, related to Core bug 283733?

Comment 3

[Peter Weilbacher]

Yes, WFM in current OS/2 nightly. lvm, if you can reproduce in a new build,
please reopen.