Clicking on a hyperlink in a page at an HTTP address that points to an HTTP address which responds with an HTTP 302 redirect to an HTTPS address does not properly display SSL certificate information

RESOLVED WORKSFORME

Status

()

Firefox
Security
RESOLVED WORKSFORME
8 years ago
3 years ago

People

(Reporter: Ian Lotinsky, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:needinfo], URL)

Attachments

(2 attachments)

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8

If you are at an HTTP addressed page, and that page has a hyperlink that points to an HTTP address, and if you click on it, and the web server responds with an HTTP 302 redirect to an HTTPS address, the browser redirects just fine. The address reads "https://...". However, the favicon/SSL address bar prefix does not reflect the SSL certificate information. As well, the lock in the status bar renders a lock with an "!" on it. The "Verified by" in the certificate information is "Not specified" even though the rest of the certificate information is present. Hitting refresh properly loads the SSL certificate "Verified by" information and the favicon and security lock appropriately look secure.

Reproducible: Always

Steps to Reproduce:
1. Go to http://www.razoo.com/
2. Click the Login link in the upper-left corner
3. See that the favicon looks like the site is insecure and yet the URL is https
4. See that the security lock in the status bar has an exclamation point on it
5. Click Refresh and see that the favicon and security lock are properly displayed
Actual Results:  
The favicon area renders as if the site is insecure and yet the URL is https. The security lock in the status bar has an exclamation point on it and "Verified by" is "Not specified".

Expected Results:  
The favicon should have a blue background; the text "razoo.com" should appear next to the favicon. The security lock should not have an exclamation point and the "Verified by" should read "Verisign."

Proper SSL information is displayed in IE, Chrome, and Safari, but not Firefox.
Seems to work OK for me. Do you have any add-ons installed that might add content to the page? Did the lock icon in the status bar show a slash through it (indicating "mixed mode")?
Whiteboard: [sg:needinfo]
(Reporter)

Comment 2

8 years ago
Created attachment 460951 [details]
The actual results (bad)
(Reporter)

Comment 3

8 years ago
Created attachment 460952 [details]
After hitting Reload
(Reporter)

Comment 4

8 years ago
No. Regardless, I disabled all the add-ons and this issue happens on several people's computers.
(Reporter)

Comment 5

8 years ago
I added screen shots too.
(Reporter)

Comment 6

8 years ago
Checked again today and it mysteriously went away. We changed nothing on our servers or our boxes, so I'm at a loss. It was definitely there and confirmed on several machines. I'll close the ticket. Sorry!
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → WORKSFORME

Updated

3 years ago
Group: core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.