Closed
Bug 582298
Opened 14 years ago
Closed 14 years ago
Clicking on a hyperlink in a page at an HTTP address that points to an HTTP address which responds with an HTTP 302 redirect to an HTTPS address does not properly display SSL certificate information
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: ianlotinsky, Unassigned)
References
()
Details
(Whiteboard: [sg:needinfo])
Attachments
(2 files)
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 If you are at an HTTP addressed page, and that page has a hyperlink that points to an HTTP address, and if you click on it, and the web server responds with an HTTP 302 redirect to an HTTPS address, the browser redirects just fine. The address reads "https://...". However, the favicon/SSL address bar prefix does not reflect the SSL certificate information. As well, the lock in the status bar renders a lock with an "!" on it. The "Verified by" in the certificate information is "Not specified" even though the rest of the certificate information is present. Hitting refresh properly loads the SSL certificate "Verified by" information and the favicon and security lock appropriately look secure. Reproducible: Always Steps to Reproduce: 1. Go to http://www.razoo.com/ 2. Click the Login link in the upper-left corner 3. See that the favicon looks like the site is insecure and yet the URL is https 4. See that the security lock in the status bar has an exclamation point on it 5. Click Refresh and see that the favicon and security lock are properly displayed Actual Results: The favicon area renders as if the site is insecure and yet the URL is https. The security lock in the status bar has an exclamation point on it and "Verified by" is "Not specified". Expected Results: The favicon should have a blue background; the text "razoo.com" should appear next to the favicon. The security lock should not have an exclamation point and the "Verified by" should read "Verisign." Proper SSL information is displayed in IE, Chrome, and Safari, but not Firefox.
Comment 1•14 years ago
|
||
Seems to work OK for me. Do you have any add-ons installed that might add content to the page? Did the lock icon in the status bar show a slash through it (indicating "mixed mode")?
Whiteboard: [sg:needinfo]
Reporter | ||
Comment 2•14 years ago
|
||
Reporter | ||
Comment 3•14 years ago
|
||
Reporter | ||
Comment 4•14 years ago
|
||
No. Regardless, I disabled all the add-ons and this issue happens on several people's computers.
Reporter | ||
Comment 5•14 years ago
|
||
I added screen shots too.
Reporter | ||
Comment 6•14 years ago
|
||
Checked again today and it mysteriously went away. We changed nothing on our servers or our boxes, so I'm at a loss. It was definitely there and confirmed on several machines. I'll close the ticket. Sorry!
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME
Updated•9 years ago
|
Group: core-security → core-security-release
Updated•9 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•