Repeated warning about visiting encrypted page containing unencrypted information

VERIFIED FIXED

Status

Firefox for Android Graveyard
General
VERIFIED FIXED
7 years ago
7 years ago

People

(Reporter: Ehsan, Assigned: mbrubeck)

Tracking

Trunk
ARM
Android

Details

Attachments

(1 attachment)

(Reporter)

Description

7 years ago
Every time I visit Google Reader on my phone using Fennec, I get this Security Warning:

You have requested an encrypted page that contains some unencrypted information.  Information that you see or enter on this page could easily be read by a third party.

[x] Alert me whenever I'm about to view an encrypted page that contains some unencrypted information.

When I uncheck the above box and press OK, I expect not to see this message next time.  But the message reappears no matter how many times I have seen this dialog.

Updated

7 years ago
tracking-fennec: --- → ?
tracking-fennec: ? → 2.0b3+

Updated

7 years ago
Assignee: nobody → doug.turner

Comment 1

7 years ago
this alert happens from content.  the result of the the checkbox is given back to content, and it tries to set a perferences which fails (because you can't write out preferences from the child process)

Options:

1) Special case this preferences

2) Just removing this warning from Fennec (by adding the correct pref to mobile.js)


I am leaning toward (2).
(Reporter)

Comment 2

7 years ago
(In reply to comment #1)
> this alert happens from content.  the result of the the checkbox is given back
> to content, and it tries to set a perferences which fails (because you can't
> write out preferences from the child process)
> 
> Options:
> 
> 1) Special case this preferences
> 
> 2) Just removing this warning from Fennec (by adding the correct pref to
> mobile.js)
> 
> I am leaning toward (2).

Is this the only similar alert?
(Assignee)

Comment 3

7 years ago
Here's a complete list of similar prefs.  The only ones that are enabled by default are this one (viewing_mixed) and "You have requested a page that uses low-grade encryption" (entering_weak):

> 76 pref("security.warn_entering_secure",    false);
> 77 pref("security.warn_entering_weak",      true);
> 78 pref("security.warn_leaving_secure",     false);
> 79 pref("security.warn_viewing_mixed",      true);
> 80 pref("security.warn_submit_insecure",    false);

http://mxr.mozilla.org/mozilla-central/source/netwerk/base/public/security-prefs.js
(Assignee)

Comment 4

7 years ago
In addition to doug's options, we could remote nsISecurityWarningDialogs so that the dialog is displayed by the parent process, or override it to provide a mobile-specific UI.

Whatever else we do, I would suggest changing the Larry UI to use a red background and provide information when on a weak or mixed SSL page.

Comment 5

7 years ago
right, remote nsISecurityWarningDialogs.  quite easy too.

Comment 6

7 years ago
spoke too soon.  not that easy. that interface requester fans out a bit.

Comment 7

7 years ago
spoke to jesse, dveditz, and lucas.

i think we all agreed that this dialog was not very important as it is currently implemented.  jesse suggested it had lots of false positives.  It also looks like it is only ever displayed one time -- not per url.  Lucas mentioned there are bugs to improve this -- for example, XHR loads of http content that get eval'ed are not monitored.

For this bug, we believe it is fine to set the security.warn_viewing_mixed pref to false in Fennec.
(Assignee)

Comment 8

7 years ago
Created attachment 496269 [details] [diff] [review]
patch
Assignee: doug.turner → mbrubeck
Status: NEW → ASSIGNED
Attachment #496269 - Flags: review?(doug.turner)

Comment 9

7 years ago
Comment on attachment 496269 [details] [diff] [review]
patch

// Broken in e10s

to

// Warning is disabled.  See Bug 616712.
Attachment #496269 - Flags: review?(doug.turner) → review+
(Assignee)

Comment 10

7 years ago
Pushed with comment change: http://hg.mozilla.org/mobile-browser/rev/32803bacba02
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED

Comment 11

7 years ago
Ehsan Akhgari, can you provide the Build Id for this reported bug and the device? It seems to be verified fixed now, but I also have to be sure I could reproduce this issue on my device
Verified the pref change - Mozilla/5.0 (Android; Linux armv7l; rv:2.1.1) Gecko/20110415 Firefox/4.0.2pre Fennec/4.0.1 ID:20110415172201
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.