Closed
Bug 353158
Opened 18 years ago
Closed 17 years ago
after downloading CRL over SSL (https) the lock is shown on non-SSL page
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: oh3nwq, Unassigned)
References
()
Details
(Whiteboard: CLOSEME 07/09)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20060917 Firefox/1.5.0.7 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20060917 Firefox/1.5.0.7 When you downloading CRL over SSL (https) the SSL lock icon is left on the screen, even though the web page is not using SSL. Reproducible: Always Steps to Reproduce: 1. Install the Root CA certificate from my page http://raapr.org/ca/ 2. download the CRL from the same page - the CRL is located on https://home.raapr.org/~ca/raapr_root.crl 3. You see the LOCK ICON on http://raapr.org/ca/ Actual Results: You see the LOCK ICON on http://raapr.org/ca/ even though the page is not encrypted Expected Results: no lock icon showing as the page is not encrypted I have not verified if this happens for other downloads (besides CRL) but probably it will... This might also lead to an exploit which makes the user believe that the viewed page is encrypted. I have not tested this on Windows version.
Reporter | ||
Comment 1•18 years ago
|
||
tried today with Windows version and same happens with it too.
Version: unspecified → 1.5.0.x Branch
Comment 2•17 years ago
|
||
Reporter, do you still see this problem with the latest Firefox 2? If not, can you please close this bug as WORKSFORME. Thanks!
Whiteboard: CLOSEME 07/09
Reporter | ||
Comment 3•17 years ago
|
||
seems to have been corrected in Firefox 2.0.0.4
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•