Open Bug 397731 Opened 18 years ago Updated 3 years ago

Going back/forward from secure page to "broken lock" page reports "broken lock" page as secure

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Linux
Type:
defect

Tracking

()

People

(Reporter: javert42, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20070718 Fedora/2.0.0.5-1.fc7 Firefox/2.0.0.5 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20070718 Fedora/2.0.0.5-1.fc7 Firefox/2.0.0.5 When a secure page references insecure content (like a javascript file, for instance). The only cue Firefox gives the user is a small red line going through the lock in the address bar and on the status bar. (This is a horrible practice, but it's not the bug I'm reporting.) If the user moves from such a page to a completely secure page, then the locks do not have the red line, and Page Info (the security tab) reports that the page is encrypted. If the user then clicks on the BACK button, the browser displays the page with unencrypted content again, but the lock does not have red line, the domain is displayed on the status bar, and Page Info (the security tab) reports that the page is secure. Reproducible: Always Steps to Reproduce: 1. Go to https://students.cs.byu.edu/~javert42/firefox-bug2.html 2. Follow the link to https://students.cs.byu.edu/~javert42/firefox-bug.html 3. Press the BACK arrow button. Actual Results: Same as described in Details Expected Results: The lock should have been crossed out, the domain should not have been displayed on the status bar, and Page Info (the security tab) should report that parts of the page were not encrypted
can't repro on Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
Confirmed on Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.10) Gecko/20071128 Ubuntu/8.04 (hardy) Firefox/2.0.0.10 and Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9b3pre) Gecko/2008010221 Firefox/3.0b3pre I’ll wildly speculate that this might be because the insecure content is cached, hence “only” secure connections are made to load the page the second time?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.