All users were logged out of Bugzilla on October 13th, 2018

Incorrect SSL Security Shown (compared to IE)

RESOLVED WORKSFORME

Status

()

RESOLVED WORKSFORME
7 years ago
7 years ago

People

(Reporter: firefox, Unassigned)

Tracking

6 Branch
x86_64
Windows 7
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

7 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0
Build ID: 20110811165603

Steps to reproduce:

I went to the site of Bank of America

https://sitekey.bankofamerica.com/sas/signonScreen.do?state=MN



Actual results:

The toolbar did not highlight any colors - it uses an enhanced verified certificate!




Expected results:

It should have been highlighted in Green in IE as Microsoft does
(Reporter)

Updated

7 years ago

Comment 1

7 years ago
This works for me with 32bit builds on Windows XP 32 bit and Windows Vista 64 bit and Mac OS X 10.5.

Go to Firefox -> Help -> Restart with Add-ons Disabled and see if it is still not highlighting in green.
(Reporter)

Comment 2

7 years ago
Hi Bob

Just repeated test as yours - somehow cycling with and without addons has cleared this up.

Something is buggy - but suppose its working

Happy to close if you are

Comment 3

7 years ago
Nigel, if you could go to Firefox->Help->Troubleshooting information, then click Copy all to clipboard and then paste the results here that might help us today or perhaps someone later if we see the same extensions with similar problems.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → WORKSFORME
(Reporter)

Comment 4

7 years ago

  Application Basics

        Name
        Firefox

        Version
        6.0

        User Agent
        Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0

        Profile Directory

          Open Containing Folder

        Enabled Plugins

          about:plugins

        Build Configuration

          about:buildconfig

  Extensions

        Name

        Version

        Enabled

        ID

        Adblock Plus
        1.3.9
        true
        {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

        Beef Taco (Targeted Advertising Cookie Opt-Out)
        1.3.6
        true
        john@velvetcache.org

        BetterPrivacy
        1.67
        true
        {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

        Bookmark Favicon Changer
        1.52
        true
        bookmarkfaviconchanger@sonthakit

        British English Dictionary
        1.19.1
        true
        en-GB@dictionaries.addons.mozilla.org

        Clear Cache Button
        0.9f
        true
        {563e4790-7e70-11da-a72b-0800200c9a66}

        Configuration Mania
        1.14.2011080101
        true
        {c4d362ec-1cff-4ca0-9031-99a8fad7995a}

        Download Statusbar
        0.9.8
        true
        {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

        Extension List Dumper
        1.15.2
        true
        extensionlistdumper@sogame.cat

        Google Analytics Opt-out Browser Add-on
        0.9.4
        true
        {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}

        HTML5 Extension for Windows Media Player Plug-in
        1.0.3
        true
        jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack

        Menu Editor
        1.2.7
        true
        {EDA7B1D7-F793-4e03-B074-E6F303317FB0}

        NewTabURL
        2.2.3
        true
        newtaburl@sogame.cat

        ReloadEvery
        6.0.0
        true
        {888d99e7-e8b5-46a3-851e-1ec45da1e644}

        Saved Password Editor
        2.2.1
        true
        savedpasswordeditor@daniel.dawson

        Undo Closed Tabs Button
        3.7.1
        true
        undoclosedtabsbutton@supernova00.biz

        Wallflower
        1.0
        true
        jid1-uB4sJEPvR2m4QQ@jetpack

        avast! WebRep
        6.0.1203
        false
        wrc@avast.com

        Java Console
        6.0.26
        false
        {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

  Modified Preferences

      Name

      Value

        accessibility.typeaheadfind.flashBar
        0

        browser.places.smartBookmarksVersion
        2

        browser.startup.homepage
        www.google.co.uk

        browser.startup.homepage_override.buildID
        20110811165603

        browser.startup.homepage_override.mstone
        rv:6.0

        extensions.lastAppVersion
        6.0

        network.cookie.prefsMigrated
        true

        places.database.lastMaintenance
        1314286379

        places.history.enabled
        false

        places.history.expiration.transient_current_max_pages
        128822

        print.print_printer
        CutePDF Writer

        print.printer_CutePDF_Writer.print_bgcolor
        false

        print.printer_CutePDF_Writer.print_bgimages
        false

        print.printer_CutePDF_Writer.print_command

        print.printer_CutePDF_Writer.print_downloadfonts
        false

        print.printer_CutePDF_Writer.print_edge_bottom
        0

        print.printer_CutePDF_Writer.print_edge_left
        0

        print.printer_CutePDF_Writer.print_edge_right
        0

        print.printer_CutePDF_Writer.print_edge_top
        0

        print.printer_CutePDF_Writer.print_evenpages
        true

        print.printer_CutePDF_Writer.print_footercenter

        print.printer_CutePDF_Writer.print_footerleft
        &PT

        print.printer_CutePDF_Writer.print_footerright
        &D

        print.printer_CutePDF_Writer.print_headercenter

        print.printer_CutePDF_Writer.print_headerleft
        &T

        print.printer_CutePDF_Writer.print_headerright
        &U

        print.printer_CutePDF_Writer.print_in_color
        true

        print.printer_CutePDF_Writer.print_margin_bottom
        0.5

        print.printer_CutePDF_Writer.print_margin_left
        0.5

        print.printer_CutePDF_Writer.print_margin_right
        0.5

        print.printer_CutePDF_Writer.print_margin_top
        0.5

        print.printer_CutePDF_Writer.print_oddpages
        true

        print.printer_CutePDF_Writer.print_orientation
        0

        print.printer_CutePDF_Writer.print_page_delay
        50

        print.printer_CutePDF_Writer.print_paper_data
        9

        print.printer_CutePDF_Writer.print_paper_height
        11.00

        print.printer_CutePDF_Writer.print_paper_size_type
        0

        print.printer_CutePDF_Writer.print_paper_size_unit
        1

        print.printer_CutePDF_Writer.print_paper_width
        8.50

        print.printer_CutePDF_Writer.print_reversed
        false

        print.printer_CutePDF_Writer.print_scaling
        1.00

        print.printer_CutePDF_Writer.print_shrink_to_fit
        true

        print.printer_CutePDF_Writer.print_to_file
        false

        print.printer_CutePDF_Writer.print_unwriteable_margin_bottom
        0

        print.printer_CutePDF_Writer.print_unwriteable_margin_left
        0

        print.printer_CutePDF_Writer.print_unwriteable_margin_right
        0

        print.printer_CutePDF_Writer.print_unwriteable_margin_top
        0

        print.printer_Microsoft_XPS_Document_Writer.print_bgcolor
        false

        print.printer_Microsoft_XPS_Document_Writer.print_bgimages
        false

        print.printer_Microsoft_XPS_Document_Writer.print_command

        print.printer_Microsoft_XPS_Document_Writer.print_downloadfonts
        false

        print.printer_Microsoft_XPS_Document_Writer.print_edge_bottom
        0

        print.printer_Microsoft_XPS_Document_Writer.print_edge_left
        0

        print.printer_Microsoft_XPS_Document_Writer.print_edge_right
        0

        print.printer_Microsoft_XPS_Document_Writer.print_edge_top
        0

        print.printer_Microsoft_XPS_Document_Writer.print_evenpages
        true

        print.printer_Microsoft_XPS_Document_Writer.print_footercenter

        print.printer_Microsoft_XPS_Document_Writer.print_footerleft
        &PT

        print.printer_Microsoft_XPS_Document_Writer.print_footerright
        &D

        print.printer_Microsoft_XPS_Document_Writer.print_headercenter

        print.printer_Microsoft_XPS_Document_Writer.print_headerleft
        &T

        print.printer_Microsoft_XPS_Document_Writer.print_headerright
        &U

        print.printer_Microsoft_XPS_Document_Writer.print_in_color
        true

        print.printer_Microsoft_XPS_Document_Writer.print_margin_bottom
        0.5

        print.printer_Microsoft_XPS_Document_Writer.print_margin_left
        0.5

        print.printer_Microsoft_XPS_Document_Writer.print_margin_right
        0.5

        print.printer_Microsoft_XPS_Document_Writer.print_margin_top
        0.5

        print.printer_Microsoft_XPS_Document_Writer.print_oddpages
        true

        print.printer_Microsoft_XPS_Document_Writer.print_orientation
        0

        print.printer_Microsoft_XPS_Document_Writer.print_page_delay
        50

        print.printer_Microsoft_XPS_Document_Writer.print_paper_data
        9

        print.printer_Microsoft_XPS_Document_Writer.print_paper_height
        11.00

        print.printer_Microsoft_XPS_Document_Writer.print_paper_size_type
        0

        print.printer_Microsoft_XPS_Document_Writer.print_paper_size_unit
        1

        print.printer_Microsoft_XPS_Document_Writer.print_paper_width
        8.50

        print.printer_Microsoft_XPS_Document_Writer.print_reversed
        false

        print.printer_Microsoft_XPS_Document_Writer.print_scaling
        1.00

        print.printer_Microsoft_XPS_Document_Writer.print_shrink_to_fit
        true

        print.printer_Microsoft_XPS_Document_Writer.print_to_file
        false

        print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_bottom
        0

        print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_left
        0

        print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_right
        0

        print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_top
        0

        privacy.clearOnShutdown.cookies
        false

        privacy.donottrackheader.enabled
        true

        privacy.sanitize.migrateFx3Prefs
        true

        privacy.sanitize.sanitizeOnShutdown
        true

        security.password_lifetime
        15

        security.warn_viewing_mixed
        false

  Graphics

        Adapter Description
        ATI Radeon HD 4550

        Vendor ID
        1002

        Device ID
        9540

        Adapter RAM
        512

        Adapter Drivers
        aticfx64 aticfx64 aticfx32 aticfx32 atiumd64 atidxx64 atiumdag atidxx32 atiumdva atiumd6a atitmm64

        Driver Version
        8.881.0.0

        Driver Date
        7-28-2011

        Direct2D Enabled
        true

        DirectWrite Enabled
        true (6.1.7601.17563)

        ClearType Parameters
        ClearType parameters not found

        WebGL Renderer
        Google Inc. -- ANGLE -- OpenGL ES 2.0 (ANGLE 0.0.0.686)

        GPU Accelerated Windows
        1/1 Direct3D 10
(Reporter)

Comment 5

7 years ago
Another issue with the toolbar is that with Firefox 6 you have made the colors pastel - but there are several bugs open about that
yeah, we're not going to argue color in bugs. Debate the design team in the newsgroups they read (mozilla.dev.usability I think?) or on IRC.

"Green" certs can turn "Blue" if there's a problem getting a response from the Certificate Authority's OCSP (revocation) server. If we can't validate that the certificate has not been revoked then we downgrade it from EV to "normal" SSL.

The color going away entirely generally means some content on the page was loaded insecurely. Often it's an image which is not a huge problem (although in the case of the sitekey site, if it were the sitekey itself that might be an issue) but it could also be an advertising or analytics script. Unlikely to be advertising on a bank of course, I'm speaking in general. The purpose of some add-ons is to create "mash-ups" or otherwise add content to your web sites, and if they're not carefully done they might add insecure content to SSL pages that will trigger "mixed-mode" which we currently indicate by removing the color. Personally I'd prefer calling more attention to that state, but that, too, is an argument for another bug.

The fact that it started working correctly when you disabled your add-ons is consistent with an add-on that inserts content into pages, but most of your add-ons are about --blocking-- content.

I don't know what "Wallflower" is. I can imagine "avast! WebRep" might be inserting indications somewhere on the page (if not in the UI) but it would be pretty incompetent for security software to be breaking the security on a bank site.
(Reporter)

Comment 7

7 years ago
Thanks - would think that the issue was getting answers from the revocation certificate however

Avast WebRep is disabled - due to Avast being weeks being Firefox and resetting the version of their software to stop it working with Firefox 6.

Wallflower comes from Deitrich Ayala one of the developers - who wrote

I was looking at about:memory and noticed entries for Facebook and Google+ URLs, even though I didn’t have either open. I figured they were probably from the social buttonry that decorates the web these days. No big deal… except they were taking up a bunch of memory! The Facebook button was using over 20mb and the Google+ button was taking over 40mb!

I have never clicked either of these buttons.

So I wrote Wallflower, a simple Firefox add-on (restartless of course) that removes these buttons from any page your browse to, saving your precious memory, CPU and battery life for the content you actually want.

(http://autonome.wordpress.com/author/autonome/)
You need to log in before you can comment on or make changes to this bug.