Open Bug 443124 Opened 16 years ago Updated 2 years ago

Unable to accept certificate if https is in "Object" tag

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
All
Type:
defect

Tracking

()

People

(Reporter: gaspard.alizan, Unassigned)

References

(Depends on 1 open bug)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9) Gecko/2008052906 Firefox/3.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9) Gecko/2008052906 Firefox/3.0

If a web page contains an "object" tag that points to a https site which has an invalid certificate, nothing will ever be displayed.

The solution is open source code of HTML, search and go directly to the link, accept the certificate, return to the page and then you'll have access to the embedded page ("object" tag).


Reproducible: Always

Steps to Reproduce:
1. A TAG Object in a HTML file that points to a HTTPS site
2. https site with invalid certificate
3. Open the HTML page, no certificate warning and no certificate acceptation is displayed
Actual Results:  
Blank page

Expected Results:  
Display the warning in place of the object.

This is only for Firefox3, Firefox2 and its popup warning works well.
dupe of bug 399876 ?
I think that it's closer to bug https://bugzilla.mozilla.org/show_bug.cgi?id=399760 "Problem 1".
But instead of an image, it is a webpage displayed in a frame using :
<object data="https://a_site_with_self_signed_cert/a_page.html" type='text/html' width="100%" height="600px"/>


<object> is interesting because of its fallback behavior (displaying its children).  Does it make sense to make some loading errors (e.g. file-not-found) trigger the fallback behavior and make other loading errors (e.g. invalid cert) show an error page as with an iframe?
Status: UNCONFIRMED → NEW
Depends on: 399876
Ever confirmed: true
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.