Closed Bug 510448 Opened 15 years ago Closed 13 years ago

Undesired URL Traversing

Categories

(Firefox :: General, defect)

3.5 Branch
x86
Windows XP
defect
Not set
normal

RESOLVED INCOMPLETE

People

(Reporter: 51l3n7, Unassigned)

Details

(Whiteboard: [CLOSEME 2011-2-25])

Attachments

(1 file)

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1; .NET CLR 2.0.50727; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; AskTB5.4)
Build Identifier: 3.5.2

When the string "Limited users test" is typed in the browser in google.com, it automatically traverses the certificates for the links. The first link 

https://akss.dau.mil/askaprof-akss/qdetail2.aspx?cgiSubjectAreaID=12&cgiQuestionID=19366

does not contain a valid certificate and the error is popped up on its own without clicking on anything.

Reproducible: Always

Steps to Reproduce:
1. Open google.com
2. Type "Limited users test" and hit search.
3. The certificate error from the first link is thrown automatically
4. Try the same with IE 6, 7, FF 3.0.13 and no error is reported


Expected Results:  
The above is just an example and I am presuming that it would give the same error for all the sites that do not have a valid certificate.

Not throw any error unless the user clicks on the link.
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3pre) Gecko/20090814 Shiretoko/3.5.3pre

Can you explain your step 3 for I see only a Google results page. Does it automatically go to the error page? I don't see that, also with link prefetching enabled it stays on the Google results page.

Can you try safe-mode: http://support.mozilla.com/en-US/kb/Safe+Mode
Version: unspecified → 3.5 Branch
"limited users test" (Without quotes)
And the first result is 

https://akss.dau.mil/askaprof-akss/qdetail2.aspx?cgiSubjectAreaID=12&cgiQuestionID=19366

Confirmed for FF Version 3.5.2
Confirmed that FF Version 3.0 is not affected
An update

It happens for google.co.in, google.pk, google.sl but not for localizations which require translation like google.ru

google.us which translates to google.com throws the error

http://www.google.com/webhp#hl=en&q=limited+users+test&aq=0p&aqi=g-p3g7&fp=1&cad=b
Forgot to confirm that there is no difference in the results with safe mode.
WFM with Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3pre) Gecko/20090814 Shiretoko/3.5.3pre, a new profile and network.prefetch-next to true.
I see the "Untrusted Connection" page only after clicking on the first link.
Do you have browser.xul.error_pages.enabled to false?

Please try basic troubleshooting: http://support.mozilla.com/en-US/kb/Basic+Troubleshooting
pref("browser.xul.error_pages.enabled", true);
pref("browser.xul.error_pages.expert_bad_cert", false);



This is what I have in firefox.js
Ria, Thanks for all the help. I am new to browser vulnerabilities and am trying not to ignore anything.

It's not happening anymore. I don't know what the deal is about. I think I will investigate on my own and get back here if I figure it out. Tried it on multiple browsers on different computers. It happens on some of them, irrespective of the version, but I didn't get to see this in 3.0.x
It's happening due to prefetching (as I got to know through mailing lists). I am not sure why it's not happening with you with prefetching enabled. It doesn't happen with prefetching set to false. What I am guessing is that it probably stops happening at times due to the browser cache.
Reporter, are you still seeing this issue with Firefox 3.6.13 or later in safe mode or a fresh profile? If not, please close. These links can help you in your testing.
http://support.mozilla.com/kb/Safe+Mode
http://support.mozilla.com/kb/Managing+profiles
Whiteboard: [CLOSEME 2011-2-25]
This bug has had the CLOSEME tag for several weeks and the date in the tag is far gone. If the reporter can still see this issue, please retest with Firefox 3.6.x or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). Then please remove the closeme tag in the whiteboard, mark the bug against the proper version and comment on the bug.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INCOMPLETE