Open Bug 528988 Opened 15 years ago Updated 2 years ago

Larry should be completely updated with all ssl info when an https page requires http authentication

Categories

(Firefox :: Security, enhancement)

enhancement

Tracking

()

People

(Reporter: mayhemer, Unassigned)

References

Details

(Keywords: sec-want, Whiteboard: [sg:want][psm-padlock])

Attachments

(1 file)

Problem I found is that larry UI is not completely filled with all ssl information at the moment we show the http authentication prompt, see the screen shot. It might lead users to mistakenly read the UI as they would be abused with an attack or actually wouldn't know they are under a real attack at the moment. This is bad mainly in case of EV sites, there will be no EV UI while the prompt is shown and a user might enter the auth information to a spoofing site. This is for sure blocked by bug 370886 and probably more work, because when a user clicks link e.g. in the history list, the URL is not replaced at all and the old (current) URL of the page is still appearing in the URL bar, no larry update at all. Keeping confidential not to reveal bug 370886.
Assignee: kaie → nobody
Component: Security: PSM → Location Bar and Autocomplete
Product: Core → Firefox
QA Contact: psm → location.bar
Component: Location Bar and Autocomplete → Security
QA Contact: location.bar → firefox
Depends on: newlock
Whiteboard: [sg:want] private because bug 370886 is private
Whiteboard: [sg:want] private because bug 370886 is private → [sg:want][psm-padlock] private because bug 370886 is private
Group: core-security → firefox-core-security
Group: firefox-core-security
Whiteboard: [sg:want][psm-padlock] private because bug 370886 is private → [sg:want][psm-padlock]
See Also: → 656343
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: