Closed Bug 582298 Opened 14 years ago Closed 14 years ago

Clicking on a hyperlink in a page at an HTTP address that points to an HTTP address which responds with an HTTP 302 redirect to an HTTPS address does not properly display SSL certificate information

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: ianlotinsky, Unassigned)

References

(
URL
)

Details

(Whiteboard: [sg:needinfo])

Attachments

(2 files)

The actual results (bad)
938.42 KB, image/png
Details
After hitting Reload
959.11 KB, image/png
Details 
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8

If you are at an HTTP addressed page, and that page has a hyperlink that points to an HTTP address, and if you click on it, and the web server responds with an HTTP 302 redirect to an HTTPS address, the browser redirects just fine. The address reads "https://...". However, the favicon/SSL address bar prefix does not reflect the SSL certificate information. As well, the lock in the status bar renders a lock with an "!" on it. The "Verified by" in the certificate information is "Not specified" even though the rest of the certificate information is present. Hitting refresh properly loads the SSL certificate "Verified by" information and the favicon and security lock appropriately look secure.

Reproducible: Always

Steps to Reproduce:
1. Go to http://www.razoo.com/
2. Click the Login link in the upper-left corner
3. See that the favicon looks like the site is insecure and yet the URL is https
4. See that the security lock in the status bar has an exclamation point on it
5. Click Refresh and see that the favicon and security lock are properly displayed
Actual Results:  
The favicon area renders as if the site is insecure and yet the URL is https. The security lock in the status bar has an exclamation point on it and "Verified by" is "Not specified".

Expected Results:  
The favicon should have a blue background; the text "razoo.com" should appear next to the favicon. The security lock should not have an exclamation point and the "Verified by" should read "Verisign."

Proper SSL information is displayed in IE, Chrome, and Safari, but not Firefox.
Seems to work OK for me. Do you have any add-ons installed that might add content to the page? Did the lock icon in the status bar show a slash through it (indicating "mixed mode")?
Whiteboard: [sg:needinfo]

    
    

    
  

      
      
      
      

        Attached image
          
        After hitting Reload
      

    


  

    
    

    
  
No. Regardless, I disabled all the add-ons and this issue happens on several people's computers.

    
    

    
  
I added screen shots too.

    
    

    
  
Checked again today and it mysteriously went away. We changed nothing on our servers or our boxes, so I'm at a loss. It was definitely there and confirmed on several machines. I'll close the ticket. Sorry!
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME

    
  
Group: core-security → core-security-release
Group: core-security-release

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: