Closed
Bug 345124
Opened 18 years ago
Closed 11 years ago
anti-phishing may pop up bad cert dialog when trying to get keys
Categories
(Toolkit :: Safe Browsing, defect)
Toolkit
Safe Browsing
Tracking
()
RESOLVED
INVALID
People
(Reporter: tony, Unassigned)
References
Details
The anti-phishing feature grabs keys from a remote server used to decrypt values in local tables and to encrypt urls when in "ask google" mode. The keys are retrieved from www.google.com over https using XMLHttpRequest. If the ssl cert doesn't match for some reason, the user gets a dialog asking if they want to accept a cert. This is a poor user experience. Rather than using XMLHttpRequest, we should use an nsIChannel with a nsIInterfaceRequestor that has a nsIBadCertListener. See http://lxr.mozilla.org/seamonkey/source/toolkit/mozapps/update/src/nsUpdateService.js.in#1674 for reference.
|
Reporter | |
Updated•17 years ago
|
Assignee: tony → nobody
|
||
Comment 1•17 years ago
|
||
This seems likely to be irrelevant when bug 388652 lands. We should consider marking it WONTFIX/INVALID.
Depends on: 388652
|
|
Reporter | |
Comment 2•17 years ago
|
||
It depends on whether Mozilla wants to validate the data from the update servers using a MAC. In that case, we'd still need the key.
|
|
Reporter | |
Comment 3•17 years ago
|
||
For reference: http://code.google.com/p/google-safe-browsing/wiki/Protocolv2Spec section 4.
|
||
Comment 4•11 years ago
|
||
Pretty sure this isn't a problem -- bad cert errors from XML haven't opened prompts in a long time.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
|
Assignee | |
Updated•10 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•