No longer blocks: 744304
Component: Security Assurance → Theme
Product: mozilla.org → Firefox
QA Contact: security-assurance → theme
Version: other → Trunk
7 years ago
Current nightly design for mixed(encryption + unencrypted) content is the almost the same with the unencrypted one. I think simply colouring the current mixed content design should solve the problem.
To test this, open http://zpao.com/posts/max-concurrent-tabs-is-dead/ and click the link at the bottom ("For the details, check out bug 648683").
I've updated this patch to use the warning (triangle shaped) icon that can be seen in this screenshot: http://cl.ly/0S2r0E0G2q2s0f0E0q2P
Target Milestone: --- → Firefox 15
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Can we backport this and the other identity block bugs to Aurora? I don't think our users would like to see the identity block change two times (13-14 and 14-15)
Maybe this should also be a yellow Larry that would better fit with the new icon ?
(In reply to Guillaume C. [:ge3k0s] from comment #9) > Maybe this should also be a yellow Larry that would better fit with the new > icon ? FWIW yellow "Larry" is for "This connection is untrusted" as of today.  https://support.mozilla.org/en-US/kb/This%20connection%20is%20untrusted
Depends on: 755429
Hey guys, I'm working on bug 62178 and am wondering if there's an API that we've exposed to trigger changes in the site identity icons. I have code that watches for mixed content, but until now my approach has been to fire an event at the offending document and let the UI put up an info bar. While we figure out what the exact UI is to be, I need to know how to, at a minimum, update the site identity block. Thanks!
Adding the tracking-firefox14 flag since the security team would like the new identity-block features to land at the same time.
Comment on attachment 622576 [details] [diff] [review] Dao's patch with Stephen's icons [Approval Request Comment] Bug caused by (feature/regressing bug #): none, new feature User impact if declined: inconsistent security UI between Fx14 & Fx15 Testing completed (on m-c, etc.): been on m-c for a long time Risk to taking this patch (and alternatives if risky): no risk anticipated String or UUID changes made by this patch: none I am requesting approval for this patch as well as the patch for bug 755429.
Attachment #622576 - Flags: approval-mozilla-aurora?
Comment on attachment 622576 [details] [diff] [review] Dao's patch with Stephen's icons [Triage Comment] Approved for Aurora given this is a low risk change to get feature parity between FF14 and FF15.
Attachment #622576 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
So, what's the plan here?
(In reply to Marco Castelluccio from comment #17) > So, what's the plan here? For now, see bug 766985. Once bug 62178 (or bits of it land), the UI can then behave differently based on whether the mixed content is classified as 'script' or 'display' content - there seems to be some level of consensus that mixed display content is a less serious threat to the user than mixed script content. The UX we end up with for each scenario should reflect this. Also, there's agreement with your point in comment 8 that the UX around this shouldn't change and then change again.
Ok, thank you for the clarification.
See Also: → 760854
(In reply to Jared Wein [:jaws] from comment #13) > Adding the tracking-firefox14 flag since the security team would like the > new identity-block features to land at the same time. What's the plan for FF14 at this point? Should we uplift further?
Assignee: nobody → jaws
Comment #18 is the current status of this bug. It is my understanding that for Firefox 14, 15, and 16 we are going to plan on using the globe icon for mixed-content. When bug 62178 is fixed we can then add some new UI for what we consider to be more dangerous mixed-content.
Whiteboard: [SecReview Action Item][blocks FF14] → [SecReview Action Item]
This no longer needs to track14+ - bug 766985 is fixed for 14, and we're happy with the status quo there.
Assignee: jaws → nobody
Depends on: 62178
This will change when bug 782654 lands. This is what it will look like: * HTTPS page with a valid EV Cert - Green Lock (no change) * HTTPS page with a valid SSL Cert - Grey Lock (no change) * HTTPS page with a valid EV/SSL Cert and Mixed Content Blocked - Green/Grey Lock and Shield Icon on the right side of the url bar (see http://people.mozilla.com/~lco/ProjectSPF/Mixed_Content/Mixed%20Content%20Spec%20v3.pdf page 8) * HTTPS page with a valid EV/SSL Cert and Mixed Script Content Enabled - Yellow Triangle with Black Exclamation point and https will be crossed out in grey (see http://people.mozilla.com/~lco/ProjectSPF/Mixed_Content/Mixed%20Content%20Spec%20v3.pdf page 8) * HTTPS page with a valid EV/SSL Cert and Mixed Display Content - Grey Globe icon and https:// in the url bar (no change) * HTTP page - Globe Icon and no http:// in the url bar (no change) If someone is interested in fixing and landing this specific part right now, go for it. You may be able to it in Firefox 18, while bug 782654 won't make it to Firefox 18: * HTTPS page with a valid EV/SSL Cert and Mixed Script Content Enabled - Yellow Triangle with Black Exclamation point and https will be crossed out in grey (see http://people.mozilla.com/~lco/ProjectSPF/Mixed_Content/Mixed%20Content%20Spec%20v3.pdf page 8)
This was fixed in bug 822366.
Status: REOPENED → RESOLVED
Last Resolved: 7 years ago → 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.