Closed Bug 444227 Opened 16 years ago Closed 16 years ago

An SSL alert (js style modal "OK" box) has a bogus link text in it

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
trivial

Tracking

()

Status:
RESOLVED DUPLICATE of bug 439062

People

(Reporter: jack, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0

I got this error message popping up, like a javascript alert() in a very peculiar situation.  I imagine it would be a real PITA to reproduce, but I think I know how, although I haven't attempted it.  I deal with a lot of wonky SSL sites, but this is the first time I've seen one come up like this.

"old.hostname.redacted:443 uses an invalid security certificate.

The certificate is not trusted because it is self signed.
The certificate is only valid for <a id="cert_domain_link" title="new.hostname.redacted">new.hostname.redacted</a>

(Error code: sec_error_untrusted_issuer)
"
The message appeared, just like that.  There was no actual link, and that's the only thing about this that I consider to be a bug.


Reproducible: Didn't try

Steps to Reproduce:
1. Get a website with a self-signed certificate and two DNS hostnames;  The reverse DNS should be the "old" non preferred name, and the SSL certificate should have the "new" preferred name.
2. In the location bar, enter the old hostname that does not match the SSL certificate and try to load the site
3. Enter a security exception so that the site will appear
4. Make sure that session restore is active
5. open several other tabs to other web sites
5. close the browser
6. change the reverse DNS to match the security certificate.
7. wait
8. start the browser
9. You might have to load up, in a new tab, the site using the newer / preferred hostname, and enter in a security exception because, even though the name no longer mismatched the certificate, the certificate is still self-signed.  I doubt this is important, but it's what I had done.
10. select the tab where the site had been loaded using its old hostname
Actual Results:  
The page's content will be shown, because it came up from session restore.  A javascript style alert box will pop up in front of it though, and the message from the beginning of the bug report is shown.  There is HTML source printed in the error message for the user.
If one was to reload the tab at this point, the full size XUL error page (I think that's what it's called?) would be shown instead of the page's content.

Expected Results:  
The error message text should either have a working link or no link.

With regards to the severity of this bug, I feel like "trivial" doesn't begin to cover it.  I can see why no one has reported it before.
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
I promise I searched before incorrectly proclaiming that no one had reported it, but once again, I fail at searching bugzilla.  thanks, and sorry :(
You need to log in before you can comment on or make changes to this bug.