Any https session becomes partially encrypted after access to a generated PDF.

RESOLVED WORKSFORME

Status

()

--
major
RESOLVED WORKSFORME
11 years ago
11 years ago

People

(Reporter: kevin.gaudin, Assigned: kaie)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12

Proceeding to the secure subscription to a service provided by my company leads firefox to consider any following https session as partially encrypted.

Reproducible: Always

Steps to Reproduce:
1. Connect to https://abo-aix.cyclocity.fr/service/subscribe
2. Fill the form with test data ("test" is ok for almost all fields excepted email which should be well-formed and Numéro de téléphone principal which has to be numeric). 
3. Type and confirm a 4 digits password in fields "Choisissez un code secret" and "Choisissez un code secret"
4. Check the final checkbox "J'accepte les conditions générales d'accès et d'utilisation du service*" and click on "Passer à l'étape suivante"
5. If a javascript box opens, click OK.
6. Click on "Passer à l'étape suivante"
7. Select the first radio button : Choisir le dépot de garantie par chèque
8. Click on "Valider ma demande"
9. Click on the PDF icon to download a subscription form
10. Go to any http web site (http://www.google.com for example) in the same browser tab.
11. Go to any https web site (https://bugzilla.mozilla.org for example) in the same browser tab.
Actual Results:  
Firefox reports a partially encrypted connection for any following https site access. Only access through a new browser tab will provide fully encrypted https connections.

Expected Results:  
Https connections should be considered fully encrypted.

- Cancelling the PDF download when Firefox displays the "opening subscription-form.pdf" dialog leads to the same result
- This is reproductible with Firefox 3 beta 4
- MSIE7 doesn't complain about any security issue after executing the same steps.
- We run a dozen web sites using this subscription process, they all lead to this issue with Firefox.
Assignee: nobody → kengert
Component: Security → Security: PSM
Product: Firefox → Core
QA Contact: firefox → psm
I was trying to reproduce this on windows with recent trunk build and also on mac with 5 days old trunk build. On either of my machines I could not reproduce it. The subscription site is during whole subscription process reported as fully encrypted. Any following https site is also reported as fully secure (if really is). The same with FF3b5.

In firefox 2.0.0.13 the site is from the very start reported as partially encrypted.

This has probably been recently fixed or it is related to some local settings. Please test with one of recent nightly builds here: http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/. If the problem prevails then reopen this bug.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → WORKSFORME
(Reporter)

Comment 2

11 years ago
I tried with the latest-trunk build and could not reproduce the bug. It certainly has been fixed in FF3b5.

Thanks a lot.
(Assignee)

Comment 3

11 years ago
probably fixed by 383369
You need to log in before you can comment on or make changes to this bug.