Open
Bug 439942
Opened 16 years ago
Updated 2 years ago
Images (etc) with invalid ssl certificates don't trigger a cert dialog
Categories
(Core :: DOM: Navigation, defect)
Core
DOM: Navigation
Tracking
()
UNCONFIRMED
People
(Reporter: alessandro.sturniolo, Unassigned)
References
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080410 SUSE/2.0.0.14-0.1 Firefox/2.0.0.14 Build Identifier: Firefox 3.0 If in a https web page is included an element via https from another site (with different certificates), this elements is not showed, and the browser not propose to accept furthers certificates. Reproducible: Always Steps to Reproduce: 1. Create an https web page with an element (for example an image) loaded from another site with different certificates. 2. Load the web page with firefox 3.0 Actual Results: The elements from other sites are the browser not propose to accept furthers certificates. Expected Results: The browser have to propose to the user to accept further certificates from other sites. In Firefox 2.x the browser propose to accept all other certificates required to load all external elements.
Sam, this sounds like a scenario that would open up to cross-site forgery, so I tend to think we should close as INVALID or WONTFIX. But maybe I don't understand what's going on. What is your take?
Comment 2•16 years ago
|
||
I think this should be WONTFIX. See bug 399876 for some related discussion. Maybe the error message in the Error Console can include a link to the error page, which lets you add an exception ;)
Component: General → Embedding: Docshell
Product: Firefox → Core
QA Contact: general → docshell
Summary: Cross site https elements → Images (etc) with invalid ssl certificates don't trigger a cert dialog
Version: unspecified → Trunk
Comment 3•16 years ago
|
||
Definitely WONTFIX – in my opinion – for most of the reasons in bug 399876.
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•