Closed
Bug 756841
Opened 13 years ago
Closed 12 years ago
Untrusted connection, incomplete dialog when secure page is in frame ("I understand the risks" is missing)
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: etrapani, Unassigned)
References
Details
Attachments
(3 files)
When I visit this page[1] I get an incomplete security dialog that does not have the "I understand the risks" link, so there's no way to add a security exception If I right-click and open the frame in a new window, then I can add the exception.
Reporter | ||
Comment 1•13 years ago
|
||
I guess the first question is whether that is a localization issue, but I get the same screen with the official en-US build, running with -safe-mode.
Comment 2•12 years ago
|
||
a user in the SUMO forum has reported the same reproducible issue with a secure site that embeds an iframe containing a different https URL with a certificate error not showing the "I understand the risks" section. https://support.mozilla.org/de/questions/929298#answer-341229
Reporter | ||
Comment 3•12 years ago
|
||
HTML document to reproduce the error.
Comment 4•12 years ago
|
||
i tried to pin this down - the regression occurred in firefox 11. the first time it fails is on mozilla-central/mozilla-inbound nightly build of 2011-12-07.
Comment 5•12 years ago
|
||
I believe this is intentional: see follow-up bug 742645. (In reply to Eduardo Trápani from comment #0) > If I right-click and open the frame in a new window, then I can add the > exception. This however is inconsistent. Adding dependency to bug 742645
Blocks: 742645
Comment 6•12 years ago
|
||
framed pages can be click-jacked or users can be persuaded to approve a cert for the wrong site, removing the button from cert-error page is intentional. But people do need to add legitimate exceptions in the case of poorly managed servers, so we do want to allow you to open the frame in its own page/tab where you can what site it's for.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → INVALID
Comment 7•12 years ago
|
||
thanks for clarification!
You need to log in
before you can comment on or make changes to this bug.
Description
•