Secure icon shown on pages with insecure content

RESOLVED DUPLICATE of bug 349209

Status

()

Core
Security
--
major
RESOLVED DUPLICATE of bug 349209
12 years ago
12 years ago

People

(Reporter: David Miller, Assigned: dveditz)

Tracking

Trunk
x86
Windows XP
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1b2) Gecko/20060818 BonEcho/2.0b2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1b2) Gecko/20060818 BonEcho/2.0b2

The secure-site icon is appearing for websites and can be "bypassed" if necessary as well.  If you navigate to the website in my URL field you can login 

Reproducible: Always

Steps to Reproduce:
1. navigate to the website in the URL field
2. login
3. refresh the page, then head to http://webmail.optonline.net again (make sure cookies are enabled "save session" is ticked off when you log into the website)

Actual Results:  
upon refresh/login the site will display a secure logo instead.

Expected Results:  
The secure site icon should be consistent with what is discovered by the browser.  It should not change it's mind after refreshing the mail page itself.  If it is true that the mail-server itself has a secure certificate, then the browser should have loaded the new certificate anyways and the icon should be adopted the new secure appearance.

If someone cannot be found who does not have an account with Optimum Online, I'll be more than happy to provide you with an e-mail address so that it can be tested out.

I have marked this as a security problem for only one reason.  I do not know much about the inner-workings of FireFox on this end and as such, I do not know how this type of problem might/might-not be used against someone.

Thanks to Dave Townsend for helping me write this long winded bug report :-)

*** This bug has been marked as a duplicate of 349209 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.