Closed
Bug 746504
Opened 13 years ago
Closed 12 years ago
[ignite] ignite loads some images over http resulting in a mixed content condition
Categories
(mozillaignite Graveyard :: General, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: mgoodwin, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: sec-low, Whiteboard: [infrasec:tls] [ws:low])
I forgot to reference this issue in the related bug 745151.
Issue:
Requests to sencha.io for images are made over HTTP; this prevents the browser from presenting the site as 'secure' to the user (domain no longer highlighted in blue, etc). This isn't a major security issue (the worst an attacker can do in this case is intercept and / or change images) but can make users less vigilant to more serious issues in the future.
Steps to reproduce:
1) Enable web console (turn on Net logging)
2) Visit ignite
3) Observe requests to src.sencha.io take place over SSL
Remediation:
Sencha do not seem to provide an SSL service (which is a shame) so if you want to resolve this issue (it's not a blocker, in my opinion) we'd need to resize / serve these images ourselves.
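
Added example, not part of the original report or the ignite code base: a small audit check that lists subresources an HTTPS page would load over plain HTTP, the condition described under "Issue" above. The page URL, paths and sample markup are constructed; only the host src.sencha.io comes from the report, and the tag/attribute table is a deliberately small subset.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attributes that trigger a subresource fetch (subset chosen for this example).
FETCH_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",),
    "video": ("src", "poster"), "audio": ("src",), "link": ("href",),
}
# Images and media are passive mixed content; scripts, frames and styles are active.
PASSIVE_TAGS = {"img", "video", "audio"}


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # tuples of (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # Only stylesheet links are checked here; other rel values are skipped.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        for name in FETCH_ATTRS.get(tag, ()):
            value = attrs.get(name)
            if not value:
                continue
            # Resolve relative and scheme-relative (//host/...) references first.
            url = urljoin(self.page_url, value.strip())
            if urlsplit(url).scheme == "http":
                kind = "passive" if tag in PASSIVE_TAGS else "active"
                self.findings.append((kind, tag, url))


def find_mixed_content(page_url, html):
    """Return the HTTP subresources referenced by a page served over HTTPS."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on an HTTPS page
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings


# Constructed sample markup for an HTTPS page at https://ignite.example/
SAMPLE_HTML = """
<img src="http://src.sencha.io/200/http://ignite.example/logo.png">
<img src="/static/banner.png"> <img src="//cdn.example/icon.png">
<a href="http://example.org/">a plain link is not a subresource</a>
<script src="http://cdn.example/app.js"></script>
"""
```

Run against the rendered HTML of each page; an empty result means no `http://` subresources were found in the static markup (loads added later by script are not covered).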
Updated•12 years ago
Blocks: mozorg-mixedcontent
Comment 1•12 years ago
We removed sencha so this no longer causes an issue.
The mixed content may now be that a user has included additional images linked from their own sites, or elsewhere on the web in support of their application.
Component: www.drumbeat.org → General
Product: Websites → mozillaignite
QA Contact: ross
Reporter
Comment 2•12 years ago
(In reply to Ross Bruniges from comment #1)
> We removed sencha so this no longer causes an issue.
>
> The mixed content may now be that a user has included additional images
> linked from their own sites, or elsewhere on the web in support of their
> application.
Let's not worry about users' content in the context of this bug. If sencha is no longer used we can close out this issue.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Reporter
Updated•12 years ago
Group: websites-security