Firefox users get invalid cert following blocklist details link

RESOLVED DUPLICATE of bug 505031

Status

mozilla.org Graveyard
Server Operations
P1
blocker
RESOLVED DUPLICATE of bug 505031
8 years ago
3 years ago

People

(Reporter: dveditz, Unassigned)

Tracking

Details

(URL)

(Reporter)

Description

8 years ago
A number of users are complaining they get an invalid SSL certificate when following the "why was this blocked"/details link in Firefox 3.0.

We just pushed a .NET plugin blocklist that about half our users have, so there are quite a number of people now hitting this. The problem is that the old version of the blocklist pref had a locale subdomain, which no longer matches the *.mozilla.com cert on the machine.

Example comment
http://blog.mozilla.com/security/2009/10/16/net-framework-assistant-blocked-to-disarm-security-vulnerability/#comment-108052

This is because the pref in Firefox 3.0 is "http://%LOCALE%.www.mozilla.com/%LOCALE%/blocklist/", whereas in later versions we dropped the initial locale-host redirect.

Firefox 3.0:
http://mxr.mozilla.org/mozilla/source/browser/app/profile/firefox.js#84

Firefox 3.5:
http://mxr.mozilla.org/mozilla1.9.1/source/browser/app/profile/firefox.js#87

We need to get a *.www.mozilla.com cert up there ASAP
Is bug 522876 a dupe?
(Reporter)

Comment 2

8 years ago
Wait, I'm confused... the pref in 3.0 is _not_ SSL, and it correctly redirects to a non-SSL version of the blocklist page.

Where are people getting an HTTPS pref with a %LOCALE% sub-domain?
(Reporter)

Updated

8 years ago
Duplicate of this bug: 522876
(Reporter)

Comment 4

8 years ago
The change from http: to https: happened at exactly the same time we dropped the %LOCALE% subdomain. How are some people having broken links? Is the details link specified in the blocklist itself?
(Reporter)

Comment 5

8 years ago
Note that the duped bug was explicitly a 3.5.3 user. The two commenters in the security blog didn't say what version and I just assumed 3.0.x from misreading the source code.
Summary: Firefox 3.0 users get invalid cert following blocklist details link → Firefox users get invalid cert following blocklist details link
(Reporter)

Comment 6

8 years ago
> happened at exactly the same time...

Bug 468526
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/273b9ecef4b7
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 505031
(Reporter)

Updated

8 years ago
Duplicate of this bug: 522857

Updated

8 years ago
Duplicate of this bug: 522958
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.