Closed Bug 500148 Opened 15 years ago Closed 3 years ago

certificate exceptions don't work in every case

Categories

(Firefox :: Security, defect)

3.5 Branch
defect
Not set
major

RESOLVED WORKSFORME

People

(Reporter: wolfiR, Unassigned)

The following is a bit hard to describe, but I saw an example where Firefox was completely locked when visiting a simple webpage (basically the webpage is also broken, I think, but FF should handle it better IMHO).

That is happening at least with FF3.5rc2.

How to reproduce:
- visit https://www.videobuster.de
- you'll get a certificate warning as the CA is apparently not in NSS
- choose to add an exception for this certificate/site (temporary is enough)
- proceed to the site
- you will get more certificate warnings since the site refers to other hosts
  using the same certificate but you cannot add exceptions for them
- once the site is (more or less) loaded it will show a JS alert about not being able to load important JavaScript and you can't get rid of it anymore

Result: Your Firefox session became unusable because of the modal JS alert
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090616 Firefox/3.5

Works for me perfectly: no temporary exception was needed.

I tested with a deleted cert8.db file, so that only built-in certificates would be used. The chain of certificates used by www.videobuster.de added the UTN-USERFirst-Hardware certificate (under AddTrust, serial number 26:21:1B:F5:2A:EB:51:B0:0B:FA:9F:DD:8D:36:DA:9E), while there is a similarly named certificate (built-in) under The USERTRUST Network (serial number 44:BE:0C:8B:50:00:24:B4:11:D3:36:2A:FE:65:0A:FD). I don't know if this is normal or not.

Oh, right. Checking with a fresh profile worked for me too.
The "AddTrust External CA Root" is marked as non-trusted for me but I can only partly remember why. There was an issue with that CA at some point:

http://benjamin.smedbergs.us/blog/2008-12-24/how-to-disable-the-comodo-root-certificate-in-firefox/

Ok, still the main issue is not about this particular certificate but to reproduce it, it should be enough to uncheck the trust bits.

Marking this as Resolved > Worksforme since the issue is no longer reproducible on the latest versions of Firefox Nightly 96.0a1 (2021-11-01), beta 94.0 or release 93.0 on Windows 10.
If anyone is still able to reproduce the issue please re-open it or file a new one.

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME