When you click "view source" you expect to get the source of the page you're looking at, not some entirely different webpage. A huge number of webpages are sensitive to request timing, including any page with logins, and "view source" is useless in each of those cases. Of course, there is a hackjob solution if one wants to view the current source - to use "inspect element". But that is an entirely different issue; the problem here is that "view source" does not do what the user wants it to do, and in any case, "inspect element" is nowhere near a perfect substitute for "view source". This quirk in Firefox's behavior has already been well-exploited in the wild by malware, such as the Blackhole kit. When Firefox first loads a compromised webpage, the user's system gets owned through a Java exploit. Blackhole bans all subsequent requests, so "View source" shows a blank page. Any user unaware that "view source" sends a second request (almost everyone) will be misled into thinking that nothing has happened, even though his system has just been compromised.
Didn't search carefully enough.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 307089
You need to log in before you can comment on or make changes to this bug.