The default bug view has changed. See this FAQ.

Firefox users get invalid cert following blocklist details link

RESOLVED DUPLICATE of bug 505031

Status

mozilla.org Graveyard
Server Operations
P1
blocker
RESOLVED DUPLICATE of bug 505031
8 years ago
2 years ago

People

(Reporter: dveditz, Unassigned)

Tracking

Details

(URL)

(Reporter)

Description

8 years ago
A number of users are complaining they get an invalid SSL certificate when following the "why was this blocked"/details link in Firefox 3.0.

We just pushed a .NET plugin blocklist that about half our users have, so there are quite a number of people now hitting this. The problem is that the old version of the blocklist pref had a locale subdomain, which no longer matches the *.mozilla.com cert on the machine.

Example comment
http://blog.mozilla.com/security/2009/10/16/net-framework-assistant-blocked-to-disarm-security-vulnerability/#comment-108052

This is because the pref in Firefox 3.0 is "http://%LOCALE%.www.mozilla.com/%LOCALE%/blocklist/", whereas in later versions we dropped the initial locale-host redirect.

Firefox 3.0:
http://mxr.mozilla.org/mozilla/source/browser/app/profile/firefox.js#84

Firefox 3.5:
http://mxr.mozilla.org/mozilla1.9.1/source/browser/app/profile/firefox.js#87

We need to get a *.www.mozilla.com cert up there ASAP
Is bug 522876 a dupe?
(Reporter)

Comment 2

8 years ago
Wait, I'm confused... the pref in 3.0 is _not_ SSL, and it correctly redirects to a non-SSL version of the blocklist page.

Where are people getting an HTTPS pref with a %LOCALE% sub-domain?
(Reporter)

Updated

8 years ago
Duplicate of this bug: 522876
(Reporter)

Comment 4

8 years ago
The change from http: to https: happened at exactly the same time we dropped the %LOCALE% subdomain. How are some people having broken links? Is the details link specified in the blocklist itself?
(Reporter)

Comment 5

8 years ago
Note that the duped bug was explicitly a 3.5.3 user. The two commenters in the security blog didn't say what version and I just assumed 3.0.x from misreading the source code.
Summary: Firefox 3.0 users get invalid cert following blocklist details link → Firefox users get invalid cert following blocklist details link
(Reporter)

Comment 6

8 years ago
> happened at exactly the same time...

Bug 468526
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/273b9ecef4b7
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 505031
(Reporter)

Updated

8 years ago
Duplicate of this bug: 522857

Updated

8 years ago
Duplicate of this bug: 522958
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.