Closed
Bug 444986
Opened 16 years ago
Closed 16 years ago
Blue security icon: invalid domain assertion "domain.com" instead of "www.domain.com"
Categories
(Firefox :: Security, defect)
RESOLVED DUPLICATE of bug 443116
People
(Reporter: minfrin, Unassigned)
Details
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9) Gecko/2008061004 Firefox/3.0
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9) Gecko/2008061004 Firefox/3.0

When an attempt is made to connect to a website called www.domain.com, which is secured by a certificate signed by a CA trusted for this purpose, and you click on the blue security icon to get details of the website, you get the following:

"You are connected to domain.com..."

The certificate in this case makes no assertion about "domain.com", instead the certificate belongs to "www.domain.com".

By being imprecise when reporting the name of the certificate, you send a clear signal to end users that the precise name of the site doesn't matter. Phishing is all about trying to create websites that are similar to but not the same as the actual site, and this bug plays directly into the hands of phishers.

The browser should assert what the certificate asserts, it should not make assertions of its own.

Reproducible: Always

Steps to Reproduce:
xxx
Updated • 16 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
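The mismatch the report describes can be checked mechanically. The following is an added example, not part of the bug report and not Firefox code: it decides whether a name an identity panel wants to display is one the certificate actually covers. The function names and the sample name lists are constructed, and it assumes the certificate's DNS names have already been extracted as strings.

```javascript
// Added illustration; names and sample data are constructed, not Firefox code.
// DNS-name matching in the style of RFC 6125: case-insensitive, a wildcard is
// accepted only as the entire left-most label and stands for exactly one label.
function dnsNameMatches(pattern, host) {
  const p = pattern.toLowerCase().replace(/\.$/, "").split(".");
  const h = host.toLowerCase().replace(/\.$/, "").split(".");
  if (p.length !== h.length || h.some((label) => label === "")) return false;
  if (p[0] === "*" && p.length < 3) return false; // reject "*.com"-style names
  return p.every((label, i) => (i === 0 && label === "*") || label === h[i]);
}

// True if any DNS name in the certificate covers `name`.
function certCovers(certDnsNames, name) {
  return certDnsNames.some((entry) => dnsNameMatches(entry, name));
}

// Choose the name an identity panel may present as verified.
// proposedLabel is what the UI would like to show (for example the base
// domain); it is used only if the certificate itself covers it. Otherwise
// the panel falls back to the exact host that was validated.
function identityLabel(connectedHost, certDnsNames, proposedLabel) {
  if (!certCovers(certDnsNames, connectedHost)) {
    return { verified: false, label: null,
             reason: "certificate does not cover connected host" };
  }
  if (certCovers(certDnsNames, proposedLabel)) {
    return { verified: true, label: proposedLabel,
             reason: "label asserted by certificate" };
  }
  return { verified: true, label: connectedHost,
           reason: "proposed label not asserted by certificate" };
}

// Constructed case from the report: certificate names only www.domain.com.
const reported = identityLabel("www.domain.com", ["www.domain.com"], "domain.com");
console.log(reported.label, "-", reported.reason);
```

A wildcard entry such as `*.domain.com` covers `www.domain.com` but still does not cover the bare `domain.com`, so the fallback applies there as well.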