Closed Bug 353158 Opened 18 years ago Closed 17 years ago

after downloading CRL over SSL (https) the lock is shown on non-SSL page

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Version:
1.5.0.x Branch
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: oh3nwq, Unassigned)

References

(
URL
)

Details

(Whiteboard: CLOSEME 07/09) 

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20060917 Firefox/1.5.0.7
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20060917 Firefox/1.5.0.7

When you downloading CRL over SSL (https) the SSL lock icon is left on the screen, even though the web page is not using SSL.

Reproducible: Always

Steps to Reproduce:
1. Install the Root CA certificate from my page http://raapr.org/ca/
2. download the CRL from the same page - the CRL is located on https://home.raapr.org/~ca/raapr_root.crl
3. You see the LOCK ICON on http://raapr.org/ca/

Actual Results:  
You see the LOCK ICON on http://raapr.org/ca/ even though the page is not encrypted

Expected Results:  
no lock icon showing as the page is not encrypted

I have not verified if this happens for other downloads (besides CRL) but probably it will... This might also lead to an exploit which makes the user believe that the viewed page is encrypted.
I have not tested this on Windows version.
tried today with Windows version and same happens with it too.
Version: unspecified → 1.5.0.x Branch
Reporter, do you still see this problem with the latest Firefox 2? If not, can you please close this bug as WORKSFORME. Thanks!
Whiteboard: CLOSEME 07/09
seems to have been corrected in Firefox 2.0.0.4
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.