A number of users are complaining they get an invalid SSL certificate when following the "why was this blocked"/details link in Firefox 3.0.
We just pushed a .NET plugin blocklist that about half our users have, so there are quite a number of people now hitting this. The problem is that the old version of the blocklist pref had a locale subdomain, which no longer matches the *.mozilla.com cert on the machine.
This is because the pref in Firefox 3.0 is "http://%LOCALE%.www.mozilla.com/%LOCALE%/blocklist/", whereas in later versions we dropped the initial locale-host redirect.
We need to get a *.www.mozilla.com cert up there ASAP
Is bug 522876 a dupe?
Wait, I'm confused... the pref in 3.0 is _not_ SSL, and it correctly redirects to a non-SSL version of the blocklist page.
Where are people getting an HTTPS pref with a %LOCALE% sub-domain?
*** Bug 522876 has been marked as a duplicate of this bug. ***
The change from http: to https: happened at exactly the same time we dropped the %LOCALE% subdomain. How are some people having broken links? Is the details link specified in the blocklist itself?
Note that the duped bug was explicitly a 3.5.3 user. The two commenters in the security blog didn't say what version and I just assumed 3.0.x from misreading the source code.
> happened at exactly the same time...
*** This bug has been marked as a duplicate of bug 505031 ***
*** Bug 522857 has been marked as a duplicate of this bug. ***
*** Bug 522958 has been marked as a duplicate of this bug. ***