after downloading CRL over SSL (https) the lock is shown on non-SSL page

RESOLVED WORKSFORME

Status

()

RESOLVED WORKSFORME
12 years ago
12 years ago

People

(Reporter: oh3nwq, Unassigned)

Tracking

1.5.0.x Branch
x86
Linux
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: CLOSEME 07/09, URL)

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20060917 Firefox/1.5.0.7
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20060917 Firefox/1.5.0.7

When you downloading CRL over SSL (https) the SSL lock icon is left on the screen, even though the web page is not using SSL.

Reproducible: Always

Steps to Reproduce:
1. Install the Root CA certificate from my page http://raapr.org/ca/
2. download the CRL from the same page - the CRL is located on https://home.raapr.org/~ca/raapr_root.crl
3. You see the LOCK ICON on http://raapr.org/ca/

Actual Results:  
You see the LOCK ICON on http://raapr.org/ca/ even though the page is not encrypted

Expected Results:  
no lock icon showing as the page is not encrypted

I have not verified if this happens for other downloads (besides CRL) but probably it will... This might also lead to an exploit which makes the user believe that the viewed page is encrypted.
I have not tested this on Windows version.
(Reporter)

Comment 1

12 years ago
tried today with Windows version and same happens with it too.
Version: unspecified → 1.5.0.x Branch
Reporter, do you still see this problem with the latest Firefox 2? If not, can you please close this bug as WORKSFORME. Thanks!
Whiteboard: CLOSEME 07/09
(Reporter)

Comment 3

12 years ago
seems to have been corrected in Firefox 2.0.0.4
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.