Closed
Bug 769846
Opened 12 years ago
Closed 11 years ago
mobile https Google search results pages are mixed-content (partially encrypted)
Categories
(Web Compatibility :: Site Reports, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: bug.zilla, Unassigned)
References
()
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1
Build ID: 20120614114901
Steps to reproduce:
(1) Visited https://www.google.co.uk/m
(2) Set keyword.url to https://www.google.co.uk/search?hl=en&sky=ee&q=
(3) Set keyword.url to https://www.google.co.uk/m?search?ie=UTF-8&oe=utf-8&q=
Actual results:
(1) Takes you to the secure site and the padlock appears
(2) and (3) do not show the padlock
Expected results:
Padlock appears when visiting (2) and (3) from Firefox desktop, so it should also appear when using Fennec
Comment 1•12 years ago
|
||
FIrefox mobile (Fennec) has the same browser engine (Gecko) as desktop but it's a different browser. I'm fairly certain it doesn't support keyword.url and instead uses a completely different mechanism to distinguish searches from URLs (there's no separate search box, it's just one field).
I know there's a way to add search providers through add-ons; I'm not sure if there's an easy way to replace one of the built-in ones but that's what you'd have to do. Not a security bug, this is either an enhancement request (want ability to install different version of Google search) or should be closed "worksforme" if that feature exists already.
Group: core-security
Comment 2•12 years ago
|
||
I'm pretty sure that mobile Firefox uses a search plugin:
http://mxr.mozilla.org/mozilla-central/source/mobile/locales/en-US/searchplugins/google.xml
And that it defaults to https://www.google.com for searches. I have no idea if you can change the URL without replacing the search plugin, but the default searches should be secure.
Comment 3•12 years ago
|
||
Keyword.url should work. On my phone, we do load the correct https page, but don't show a padlock.
Comment 4•12 years ago
|
||
https://www.google.co.uk/m?search?ie=UTF-8&oe=utf-8&q=test does not show a padlock (in desktop or mobile) because it is mixed-content. It uses http for the images on the page. This is a Google issue, not a Firefox bug.
Status: UNCONFIRMED → NEW
Component: General → Evangelism
Ever confirmed: true
OS: Windows 7 → All
QA Contact: general → evangelism
Hardware: x86_64 → All
Summary: Cannot force https on Google searches → mobile https Google search results pages are mixed-content (partially encrypted)
Version: Firefox 16 → Trunk
Comment 5•12 years ago
|
||
(In reply to Matt Brubeck (:mbrubeck) from comment #4)
> https://www.google.co.uk/m?search?ie=UTF-8&oe=utf-8&q=test does not show a
> padlock (in desktop or mobile) because it is mixed-content. It uses http
> for the images on the page. This is a Google issue, not a Firefox bug.
Is it a security issue to serve sensitive content via SSL and non sensitive content (static images) via plain HTTP? If not, this sounds like a Firefox issue to me.
Comment 6•12 years ago
|
||
(In reply to Lawrence Mandel [:lmandel] from comment #5)
> Is it a security issue to serve sensitive content via SSL and non sensitive
> content (static images) via plain HTTP? If not, this sounds like a Firefox
> issue to me.
Yes, mixed content is a security risk. Other browsers also display partially-encrypted pages like this one as "insecure"; for example Chrome displays a warning icon over the padlock in the address bar.
Comment 7•12 years ago
|
||
I just confirmed that Chrome displays the page with the same warning as Firefox (as Matt said). I'll add this to the list of issues to pass along to Google but it is of note that this issue exists in their own product.
Updated•12 years ago
|
Blocks: google-evangelism
Comment 8•12 years ago
|
||
It looks like this has been fixed by Google.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
Comment 9•12 years ago
|
||
I can reproduce this issue on the latest Nightly. I type "news" in URL Bar and then I tap on "news" suggestion for Google. Even if the url is a ssl one, the lock is not displayed.
The same happens for "mozilla". However, I try this for "home", the site-identity lock is displayed. Reopening bug
--
Firefox 18.0a1 (2012-10-08)
Device: Galaxy Note
OS: Android 4.0.4
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Comment 10•12 years ago
|
||
Great site! <a href="http://www.sbwire.com/press-releases/lowcosthealthinsurancesitecom-helps-students-save-money-after-idaho-insurance-mandate-changes-166176.htm">Cheap health insurance</a>
Updated•12 years ago
|
Component: Evangelism → Mobile
OS: All → Android
Product: Firefox for Android → Tech Evangelism
Hardware: All → ARM
Version: Trunk → unspecified
Comment 11•12 years ago
|
||
Is this bug still an issue? I tried searching for "news," "mozilla," "home," "puppies," "kittens," etc, but saw the site-identity lock on each search results page.
Firefox 19.0a1 (2012-11-06)
Device: Samsung Galaxy Nexus
OS: Android 4.1.1
Comment 12•12 years ago
|
||
I do not see a padlock when entering the URL
https://www.google.co.uk/m?search?ie=UTF-8&oe=utf-8&q=test
Interestingly, I do see a padlock when searching "news", "home", "puppies", and "kittens" but not when searching "mozilla".
Comment 13•11 years ago
|
||
This seems to work just fine now. I haven't seen a missing padlock on a single query.
Status: REOPENED → RESOLVED
Closed: 12 years ago → 11 years ago
Resolution: --- → WORKSFORME
Comment 14•11 years ago
|
||
This wasn't an issue with the Mixed Content Blocker, because no content was blocked back when this bug was filed. Removing the blocker.
No longer blocks: 844556
Assignee | ||
Updated•6 years ago
|
Product: Tech Evangelism → Web Compatibility
Assignee | ||
Updated•9 months ago
|
Component: Mobile → Site Reports
You need to log in
before you can comment on or make changes to this bug.
Description
•