Open Bug 749946 Opened 8 years ago Updated 5 years ago
Secured websites with mixed content display identity-box as not secured on first load and as secured after refresh
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:15.0) Gecko/20120427 Firefox/15.0a1 Build ID: 20120427030500 Steps to reproduce: Restart Browser with option to remember tabs from last time. Two tabs are open: Google and AMO (verified domain and verified identity). In Stylish there are User Styles for both that use images hosted on a normal HTTP so the result is mixed-content (HTTP and HTTPS). Actual results: On first load both website's identity-box display as not secured. After reloading the page the identity-box display as secure. Expected results: The identity-box should display as not secured (mixed content) also on second load.
Severity: normal → major
Component: Untriaged → Security
Hardware: x86 → x86_64
It would be helpful if you could provide exact URLs to try this on and Stylish configuration settings.
(In reply to KLB from comment #1) > It would be helpful if you could provide exact URLs to try this on and > Stylish configuration settings. URLs: https://www.google.com/ https://addons.mozilla.org/en-US/firefox/ User Styles for Stylish: http://userstyles.org/styles/43463/darker-google http://userstyles.org/styles/25811/amo-dark-theme
I can also reproduce when I added the style mentioned above to userContent.css. Works(with UA spoofing Firefox instead of Minfield) Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1b1pre) Gecko/20080901033305 Minefield/3.1b1pre Broken Google and AMO bith: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1b1pre) Gecko/20080902033133 Minefield/3.1b1pre Pushlog http://hg.mozilla.org/mozilla-central/pushloghtml?startdate=2008-09-01+00%3A00%3A00&enddate=2008-09-02+04%3A00%3A00 Suspected: Bug 451420, Bug 135007, Bug 450912
Depends on: 748809
As I understand this can be reproduced only when Stylish extension has been installed? Firefox it self is not showing this behavior?
You need to log in before you can comment on or make changes to this bug.