Closed
Bug 510448
Opened 15 years ago
Closed 14 years ago
Undesired URL Traversing
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: 51l3n7, Unassigned)
References
()
Details
(Whiteboard: [CLOSEME 2011-2-25])
Attachments
(1 file)
110.19 KB,
image/png
|
Details |
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1; .NET CLR 2.0.50727; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; AskTB5.4)
Build Identifier: 3.5.2
When the string "Limited users test" is typed in the browser in google.com, it automatically traverses the certificates for the links. The first link
https://akss.dau.mil/askaprof-akss/qdetail2.aspx?cgiSubjectAreaID=12&cgiQuestionID=19366
does not contain a valid certificate and the error is popped up on its own without clicking on anything.
Reproducible: Always
Steps to Reproduce:
1. Open google.com
2. Type "Limited users test" and hit search.
3. The certificate error from the first link is thrown automatically
4. Try the same with IE 6,7, FF 3.0.13 and no error is reported
Expected Results:
The above is just an example and I am presuming that it would give the same error for all the sites that do not have a valid certificate .
Not throw any error unless the user clicks on the link.
Comment 1•15 years ago
|
||
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3pre) Gecko/20090814 Shiretoko/3.5.3pre
Can you explain your step 3 for I see only a Google results page. Does it automatically go to the error page? I don't see that, also with link prefetching enabled it stays on the Google results page.
Can you try safe-mode: http://support.mozilla.com/en-US/kb/Safe+Mode
Version: unspecified → 3.5 Branch
"limited users test" (Without quotes)
And the first result is
https://akss.dau.mil/askaprof-akss/qdetail2.aspx?cgiSubjectAreaID=12&cgiQuestionID=19366
Confirmed for FF Version 3.5.2
Confirmed that FF Version 3.0 is not affected
An update
It happens for google.co.in, google.pk, google.sl but not for localizations which require translation like google.ru
google.us which translates to google.com throws the error
http://www.google.com/webhp#hl=en&q=limited+users+test&aq=0p&aqi=g-p3g7&fp=1&cad=b
Forgot to confirm that there is no difference in the results with safe mode.
Comment 5•15 years ago
|
||
WFM with Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3pre) Gecko/20090814 Shiretoko/3.5.3pre, a new profile and network.prefetch-next to true.
I see the "Untrusted Connection" page only after clicking on the first link.
Comment 7•15 years ago
|
||
Do you have browser.xul.error_pages.enabled to false?
Please try basic troubleshooting: http://support.mozilla.com/en-US/kb/Basic+Troubleshooting
pref("browser.xul.error_pages.enabled", true);
pref("browser.xul.error_pages.expert_bad_cert", false);
This is what I have in firefox.js
Ria, Thanks for all the help. I am new to browser vulnerabilities and am trying not to ignore anything.
It's not happening anymore. I don't know what the deal is about. I think I will investigate on my own and get back here if I figure out. Tried it on multiple browsers on different computers, It happens on some of them, irrespective of the version but I didn't get to see this in 3.0.x
Reporter | ||
Comment 10•15 years ago
|
||
It's happening due to prefetching(as I got to know through mailing lists.) I am not sure why it's not happening with you with prefetching enabled. It doesn't happen with prefetching set to false. What I am guessing that it probably stops happening at times due to the browser cache.
Comment 11•14 years ago
|
||
Reporter, are you still seeing this issue with Firefox 3.6.13 or later in safe mode or a fresh profile? If not, please close. These links can help you in your testing.
http://support.mozilla.com/kb/Safe+Mode
http://support.mozilla.com/kb/Managing+profiles
Whiteboard: [CLOSEME 2011-2-25]
Comment 12•14 years ago
|
||
This bug has had the CLOSEME tag for several weeks and the date in the tag is far gone. If the reporter can still see this issue, Please retest with Firefox 3.6.x or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). Then please remove the closeme tag in the whiteboard, mark the bug against the proper version and comment on the bug.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•