Closed Bug 508214 Opened 15 years ago Closed 15 years ago

No choice to deal with unencrypted contents in an encrypted page but to risk the insecurity

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 62178

People

(Reporter: luweitest, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1

When opening some https page, warning pops up to say "you have requested an encrypted page with some unencrypted contents" but gives no choice to deal with it. The user have to accept the insecurity, even he wants to stop browsing, he must click "OK" before closing Firefox, when transmission already happens.

Reproducible: Always

Steps to Reproduce:
1.Open a page such as https://docs.google.com/support/?hl=en

Actual Results:  
Pops up a warning with no choice to do.

Expected Results:  
Firefox should stop transmission of the page, pop out the warning, and give three choices: 1, continue without loading unencrypted content (preferred); 2, stop loading (then jump to a specific page like timeout page, connection reset page); 3, proceed with everything secure and insecure. And give a check box whether to remember the choice.

This bug is NOT a duplicate of another similar bug. I have searched Bugzilla with keyword "unencrypted". Another bug report actually wants to cancel that warning on specific sites. My concern is mainly on the choices above, (even IE5 has the option not to load unencrypted content!) whether it should be global or site specific is left for developers to decide (at least it's not a major bug).
(In reply to comment #0)

> When opening some https page, warning pops up to say "you have requested an
> encrypted page with some unencrypted contents" but gives no choice to deal with
> it. The user have to accept the insecurity, even he wants to stop browsing, he
> must click "OK" before closing Firefox, when transmission already happens.
...
> This bug is NOT a duplicate of another similar bug. I have searched Bugzilla
> with keyword "unencrypted". Another bug report actually wants to cancel that
> warning on specific sites. My concern is mainly on the choices above, (even IE5
> has the option not to load unencrypted content!) whether it should be global or
> site specific is left for developers to decide (at least it's not a major bug).

I'm not sure there's anyone in the Mozilla project who can definitively state that a bug they are filing is NOT a duplicate of any of the half million that came before, but this one certainly is.  It's a duplicate of bug 62178, which does use the word "cancel", but means it in the context of "cancelling the insecure load, i.e. prevent it from happening" not just cancelling the dialog.

If you're interested in working on a fix, that bug's wanted one for some time.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
I searched with "unencrypted" and did not see bug 62178. The similar bug I referred to is bug 385172. I would be more than eager to fix it if I am a programmer.
You need to log in before you can comment on or make changes to this bug.