Closed Bug 756841 Opened 8 years ago Closed 8 years ago

Untrusted connection, incomplete dialog when secure page is in frame ("I understand the risks" is missing)

Categories

(Firefox :: Security, defect)

12 Branch
x86
Linux
defect
Not set

Tracking

()

RESOLVED INVALID

People

(Reporter: etrapani, Unassigned)

References

Details

Attachments

(3 files)

When I visit this page[1] I get an incomplete security dialog that does not have the "I understand the risks" link, so there's no way to add a security exception

If I right-click and open the frame in a new window, then I can add the exception.
I guess the first question is whether that is a localization issue, but I get the same screen with the official en-US build, running with -safe-mode.
a user in the SUMO forum has reported the same reproducible issue with a secure site that embeds an iframe containing a different https URL with a certificate error not showing the "I understand the risks" section.

https://support.mozilla.org/de/questions/929298#answer-341229
HTML document to reproduce the error.
i tried to pin this down - the regression occurred in firefox 11. the first time it fails is on mozilla-central/mozilla-inbound nightly build of 2011-12-07.
I believe this is intentional: see follow-up bug 742645.

(In reply to Eduardo Trápani from comment #0)
> If I right-click and open the frame in a new window, then I can add the
> exception.
 
This however is inconsistent. Adding dependency to bug 742645
Blocks: 742645
framed pages can be click-jacked or users can be persuaded to approve a cert for the wrong site, removing the button from cert-error page is intentional. But people do need to add legitimate exceptions in the case of poorly managed servers, so we do want to allow you to open the frame in its own page/tab where you can what site it's for.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
thanks for clarification!
You need to log in before you can comment on or make changes to this bug.