462993 - Permanent security exceptions are purged

Status: VERIFIED DUPLICATE of bug 436870

(Firefox :: Security, defect)

Description

[Boris Mekler]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0

When navigating to a website that uses an invalid or self-signed SSL certificate, Firefox presents a "Secure connection failed" dialog where to continue to the website, you have to confirm the exception, with an option to permanently store it. However, the size of cache for storing permanent exceptions seems to be limited to 15 or so - if more exceptions are "permanently stored", the cache is purged completely. 

Reproducible: Always

Steps to Reproduce:
1. Navigate to a website that has an SSL certificate problem (say, you navigate to https://<ip address>/
2. Confirm security exception and check "Permanently store this exception".
3. Repeat 16 times on different sites.
4. Go back to the first sites you visited.
Actual Results:  
Security exceptions cache is purged, websites that were added there minutes before present SSL errors again.

Expected Results:  
Direct access to the website without security warnings.

It might be related to the fact that all the exceptions use the same self-signed certificate (I encountered the problem while connecting to about 30 different Fortinet firewall appliances), but I can't vouch for that. The exact cause for exception is ssl_error_bad_cert_domain.

Comment 1

[Johnathan Nightingale [:johnath]]

This sounds like bug 436870, which should be fixed by installing the latest security updates for Firefox.  Your user agent string shows you being on Firefox 3.0, but by now you should be on 3.0.3. Are you not getting updates?